Mailing List CGatePro@mail.stalker.com Message #105667
From: Alexander Ryskin <arys@lle.rochester.edu>
Subject: Re: Using AWK on unix flavour to extract log information
Date: Tue, 02 Jun 2015 08:25:42 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
awk '$4 == "failed" {sub(/.*\[/,"",$3);sub(/\]./,"",$3);store[$3]=1}END{for (s in store) print s}'

Alex

On 06/02/2015 07:56 AM, Martin Miller wrote:
I want to extract all Failed to entries to pull the IP so I can deny.

Why? It's a little server and am tired of the continuous probes, and there is zero chance of legitimates being caught up in the fails.

Here is a typical log row:

23:31:51.485 1 SMTPI-002310([202.83.25.95]) failed to open ACCOUNT(corp) for [202.83.25.95]:52281->[192.168.1.67]:25. Error Code=account is routed to NULL

Can anyone suggest an awk statement to parse the above to get 202.83.25.95?
Ideally using uniq to return unique list.

-- MJM
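
Added example, not part of either post above and not CommuniGate Pro code: a shell function around awk that goes one step past the unique list by counting "failed to" rows per source address, checking that the extracted value is a well-formed IPv4 address, and skipping loopback and RFC 1918 addresses so a deny list built from it cannot lock out the local network. The names failed_ips and sample_log, the minimum-count argument and the internal-address exclusion are assumptions; the sample rows are constructed on the pattern of the one log row quoted in the thread.

```shell
#!/bin/sh
# Usage: failed_ips [min_failures] < logfile   (prints "count ip", busiest first)
failed_ips() {
    awk -v min="${1:-1}" '
    # True when s is a dotted-quad IPv4 address with octets 0-255.
    function is_ipv4(s,    o, n, i) {
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    # True for loopback and RFC 1918 ranges, which must never reach a deny list.
    function is_internal(s,    o) {
        split(s, o, ".")
        return (o[1] + 0 == 127 || o[1] + 0 == 10 ||
                (o[1] + 0 == 192 && o[2] + 0 == 168) ||
                (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31))
    }
    $4 == "failed" && $5 == "to" {
        ip = $3
        sub(/.*\[/, "", ip)   # drop everything up to the opening bracket
        sub(/\].*/, "", ip)   # drop the closing bracket and what follows
        if (is_ipv4(ip) && !is_internal(ip)) count[ip]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min) print count[ip], ip
    }' | sort -k1,1nr -k2,2
}

# Constructed sample log; only the first row's layout comes from the thread.
sample_log() {
    cat <<'EOF'
23:31:51.485 1 SMTPI-002310([202.83.25.95]) failed to open ACCOUNT(corp) for [202.83.25.95]:52281->[192.168.1.67]:25. Error Code=account is routed to NULL
23:32:10.101 1 SMTPI-002311([202.83.25.95]) failed to open ACCOUNT(corp) for [202.83.25.95]:52290->[192.168.1.67]:25. Error Code=account is routed to NULL
23:33:02.300 1 SMTPI-002312([198.51.100.7]) failed to open ACCOUNT(info) for [198.51.100.7]:40100->[192.168.1.67]:25. Error Code=account is routed to NULL
23:34:40.912 1 SMTPI-002313([192.168.1.20]) failed to open ACCOUNT(test) for [192.168.1.20]:50111->[192.168.1.67]:25. Error Code=account is routed to NULL
23:35:00.000 2 SMTPI-002314([203.0.113.9]) got connection on [192.168.1.67]:25
EOF
}

# Demonstration on the constructed rows: addresses with at least 2 failures.
sample_log | failed_ips 2
```

Review the output before feeding it to a deny list; a higher minimum count reduces the chance of blocking a sender after a single mistyped address.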
