Mailing List Message #105667
From: Alexander Ryskin <>
Subject: Re: Using AWK on unix flavour to extract log information
Date: Tue, 02 Jun 2015 08:25:42 -0400
To: CommuniGate Pro Discussions <>
awk '$4 == "failed" {sub(/.*\[/,"",$3);sub(/\]./,"",$3);store[$3]=1}END{for (s in store) print s}'


On 06/02/2015 07:56 AM, Martin Miller wrote:
I want to extract all Failed to entries to pull the IP so I can deny.

Why? Its a little server and am tired of the continuous probes, and there is zero chance of legitimates being caught up in the fails.

Here is a typical log row:

23:31:51.485 1 SMTPI-002310([]) failed to open ACCOUNT(corp) for []:52281->[]:25. Error Code=account is routed to NULL

Can anyone suggest an awk statement to parse the above to get
Ideally using uniq to return unique list.

-- MJM

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster