RE: Extracting data from each line that matches a email address from aLog file (Tab delimited)

Tue, 01 Nov 2005 15:43:50 -0800

Title: Extracting data from each line that matches a email address from a Log file (Tab delimited)
Below code is the short code of what I do as in quick and easy.  Basically, it searches the file to look for your criteria.  If it finds that it exists, it determines if it is a sent (1027) or received (1028) email by the event id ($tVal[8]) 
 
Careful on the 1028.  It is 1028 in my environment, but from what I've seen in others, it can be 1020.  The reason I don't search for both is because 1020 can follow a 1027 and/or a 1028.  So it doesn't mean its a unique identifier in determining received email.
 
You can use the ($_) variable instead of $sLine, but if you're very new to PERL, this will make it easier to understand sometimes.
 
Hope this helps!
-j
 
 
 
 
 
 
my $filename = "20051030.log";
my $nametosearch = '[EMAIL PROTECTED]'
 
open (IN, $filename);
while ($sLine = <IN>) {
    chomp $sLine;
    if ($sLine =~ /$nametosearch/i) {
        @tVal = split/\t/, $sLine;
        if (($tVal[8] == 1027) || ($tVal[8] ==1028)) {
 
            ##  $tVal[0] - date                       
            ##  $tVal[1] - time
            ##  $tVal[7] - recipient
            ##  $tVal[19] - sender
            ##  $tVal[20] - subject
 
            $sValue = $tVal[0] . "\t" . $tVal[1] . "\t" . $tVal[7] . "\t" . $tVal[19] . "\t" .. tVal[20] . "\n";
            ##  print line/add to hash or array, etc.
        }
    }
   
}
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Durocher, Leo
Sent: Tuesday, November 01, 2005 2:08 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: Extracting data from each line that matches a email address from aLog file (Tab delimited)
Importance: High

I need to extract Date, Time, Recipient-Address, Sender-Address and the Subject. So if I search for Auser I want any line (record with his email) to take all the information listed above into a new file. These would be in 3 files (which are generated from MS Exchange 2003) they are Tab delimited. I am new to Perl and need to get this information quickly. Any help would be greatly appreated. Below is a sample of the data in the file that I need searched. These files are Huge in production I chopped them DOWN. Again Thanks Leo

Here is some sample data
 # Exchange System Attendant Version 6.5.7226.0 # Date Time client-ip Client-hostname Partner-Name Serv er-hostname server-IP Recipient-Address Event-ID MSGID  Priority Recipient-Report-Status total-bytes Number-Recipients Origination-Time Encryption service-Version Linked-MSGID Message-Subject Sender-Address 2005-9-10 0:0:16 GMT - - - storming - [EMAIL PROTECTED] 1027 [EMAIL PROTECTED] 0 0 11927 1 2005-9-10 0:0:16 GMT 0 - c=US;a= ;p=AMSCAN;l=storming-050910000016Z-212788 Fw: Hey Ugly line expansion and re-offer EX:/O=org/OU=Site/CN=RECIPIENTS/CN=Auser - 2005-9-10 0:0:16 GMT - - - storming - [EMAIL PROTECTED] 1019 [EMAIL PROTECTED] 0 0 11927 1 2005-9-10 0:0:16 GMT 0 - - Fw: Hey Ugly line expansion and re-offer - - 2005-9-10 0:0:16 GMT - - - storming - [EMAIL PROTECTED] 1025 [EMAIL PROTECTED] 0 0 11927 1 2005-9-10 0:0:16 GMT 0 -- Fw: Hey Ugly line expansion and re-offer - - 2005-9-10 0:0:16 GMT - - - storming - [EMAIL PROTECTED] 1024 [EMAIL PROTECTED] Domain.name1 0 0 11927 1 2005-9-10 0:0:16 GMT 0 - - Fw: Hey Ugly line expansion and re-offer - - 2005-9-10 0:0:17 GMT - - - storming - [EMAIL PROTECTED] 1033 [EMAIL PROTECTED] 0 0 11927 1 2005-9-10 0:0:16 GMT 0 - - Fw: Hey Ugly line expansion and re-offer [EMAIL PROTECTED] - 2005-9-10 0:0:17 GMT - - - storming - [EMAIL PROTECTED] 1020 [EMAIL PROTECTED] 0 0 11927 1 2005-9-10 0:0:16 GMT 0 - - Fw: Hey Ugly line expansion and re-offer [EMAIL PROTECTED]  -

HERE IS MY CODE I'm trying
#!/usr/bin/perl -w
use strict;
use Text::CSV_XS;
use IO::File;

my $filename          = '20051030.log';
my $column_to_search  = 7;
my $wanted_value      = Auser;

my $csv = Text::CSV_XS->new({binary=>1});
my $fh = IO::File->new($filename) or die $!;
while (my $cols = $csv->getline($fh)) {
    last unless @$cols;
    next unless defined $cols->[$column_to_search]
            and $cols->[$column_to_search] eq $wanted_value;
    for (0,1,3) {
        $cols->[$_] = '' unless defined $cols->[$_];
    }
    print join(' ',$cols->[0],$cols->[1],$cols->[3]),"\n";
}


 
 
 
IMPORTANT NOTICE: This message is intended only for the addressee and may contain confidential, privileged information.
If you are not the intended recipient, you may not use, copy or disclose any information contained in the message.
If you have received this message in error, please notify the sender by reply e-mail and delete the message.

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the individual or entity to whom they are
addressed. If you have received this email in error destroy it
immediately.
**********************************************************************
Wal-Mart Confidential
********************************************************************** 

_______________________________________________
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Reply via email to