Mailing List CGatePro@mail.stalker.com Message #105668
From: David Brookfield <david.brookfield@city-support.co.uk>
Subject: RE: Using AWK on unix flavour to extract log information
Date: Tue, 2 Jun 2015 13:58:19 +0100
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Outlook 15.0
Stupid question I guess, but what is AWS? I do pretty much exactly the same from a filter with  "failed to open" in it, I do this  on the day's log file, I then put that in Excel and extract the IPs, it's really quick but wondering if I'm missing a trick here.

-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of Alexander Ryskin
Sent: 02 June 2015 13:26
To: CommuniGate Pro Discussions
Subject: Re: Using AWK on unix flavour to extract log information

awk '$4 == "failed"
{sub(/.*\[/,"",$3);sub(/\]./,"",$3);store[$3]=1}END{for (s in store) print s}'

Alex

On 06/02/2015 07:56 AM, Martin Miller wrote:
> I want to extract all Failed to entries to pull the IP so I can deny.
>
> Why? Its a little server and am tired of the continuous probes, and
> there is zero chance of legitimates being caught up in the fails.
>
> Here is a typical log row:
>
> 23:31:51.485 1 SMTPI-002310([202.83.25.95]) failed to open
> ACCOUNT(corp) for [202.83.25.95]:52281->[192.168.1.67]:25. Error
> Code=account is routed to NULL
>
> Can anyone suggest an awk statement to parse the above to get
> 202.83.25.95 Ideally using uniq to return unique list.
>
> --
> MJM


#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster