Gerardo Herzig <[EMAIL PROTECTED]> wrote:

> Hi all. I'm trying to have some fun building a maillog analyzer.
> My starting point is to locate the emails actually sent via the
> /var/log/mail
>
> Is it correct to look for the expression 'removed$' (that is, the word
> 'removed' at the end of the line)?
> That would return lines like:
> postfix/qmgr[21861]: 49CAF2A5F12: removed
>
> Those would be the files leaving the queue, right? After that, having
> the queue filename, I can do some grep and track the email circuit.
>
> Am I guessing right? (I know I'm reinventing the wheel, this is just for
> fun)

For clues, see how this and many other things are done in pflogsumm, postfix-logwatch etc.
-- Sahil Tandon <[EMAIL PROTECTED]>
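
An added example, not part of the original thread and not code from pflogsumm or postfix-logwatch: it groups maillog lines by queue ID and shows that qmgr logs `removed` for a bounced message as well as a delivered one, so the per-recipient `status=` field is what tells them apart. The sample lines are constructed, the function names are hypothetical, and the pattern assumes short hexadecimal queue IDs like the one quoted above.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not from a real system).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/qmgr[21861]: 49CAF2A5F12: from=<alice@example.org>, size=1204, nrcpt=1 (queue active)
Jan 10 10:00:02 mx postfix/smtp[21900]: 49CAF2A5F12: to=<bob@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 10:00:02 mx postfix/qmgr[21861]: 49CAF2A5F12: removed
Jan 10 10:05:00 mx postfix/qmgr[21861]: 7B1D02A5F13: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Jan 10 10:05:01 mx postfix/smtp[21901]: 7B1D02A5F13: to=<nobody@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=0.9, dsn=5.1.1, status=bounced (host said: 550 5.1.1 User unknown)
Jan 10 10:05:01 mx postfix/qmgr[21861]: 7B1D02A5F13: removed
Jan 10 10:09:00 mx postfix/qmgr[21861]: A01C32A5F14: from=<alice@example.org>, size=700, nrcpt=1 (queue active)
Jan 10 10:09:30 mx postfix/smtp[21902]: A01C32A5F14: to=<carol@example.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to example.com: Connection timed out)
"""

# Assumption: short hex queue IDs; long queue IDs would need a wider character class.
LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
FROM_RE = re.compile(r"^from=<(?P<sender>[^>]*)>")
TO_RE = re.compile(r"^to=<(?P<rcpt>[^>]*)>.*?\bstatus=(?P<status>\w+)")

def track(log_text):
    """Group log lines by queue ID and record sender, per-recipient status, removal."""
    msgs = defaultdict(lambda: {"sender": None, "rcpts": {}, "removed": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg, rest = msgs[m["qid"]], m["rest"]
        if rest == "removed":
            msg["removed"] = True
        elif (f := FROM_RE.match(rest)):
            msg["sender"] = f["sender"]
        elif (t := TO_RE.match(rest)):
            msg["rcpts"][t["rcpt"]] = t["status"]  # last status per recipient wins
    return dict(msgs)

def sent_queue_ids(msgs):
    """Queue IDs that left the queue with every recipient at status=sent."""
    return sorted(q for q, m in msgs.items()
                  if m["removed"] and m["rcpts"] and set(m["rcpts"].values()) == {"sent"})

if __name__ == "__main__":
    msgs = track(SAMPLE_LOG)
    for qid, m in msgs.items():
        print(qid, m["sender"], m["rcpts"], "removed" if m["removed"] else "still queued")
    print("sent:", sent_queue_ids(msgs))
```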