Trying to write a log parser, need some clarifications about log enteries.

Thu, 05 Feb 2009 16:56:30 -0800

First some background. What I am trying to do is write a script that syslog can be piped into that will parse the maillog in real time and insert the items into the database -- one row per queue ID (and possibly one per recipient in another related table).
If there is any program that can do this (or close to this) let me know and save me continue to try to write this. 



Anyway, on to the problems. How do I deal with log entries like this. A 
queue ID is created, but nothing ever happens to it. There is no reject 
line, nothing generated by qmgr, it just seems to disappear. Based on 
the NOQUEUE items, it doesn't look like there is a queue id assigned 
until it receives at least one valid address (or allows relaying) but if 
so, F1E7B10E587 should show a to and from address somewhere.


   #bzcat /var/log/maillog.postfix.0.bz2 | grep 'postfix/smtpd\[61388\]'
   Feb  4 07:30:45 barium postfix/smtpd[61388]: connect from
   spam.smartt.com[69.67.187.103]
   Feb  4 07:30:46 barium postfix/smtpd[61388]: NOQUEUE: reject: RCPT
   from spam.smartt.com[69.67.187.103]: 550 5.1.1 <ema...@example.com>:
   Recipient address rejected: User unknown in virtual mailbox table;
   from=<postmas...@barracudanetworks.com> to=<ema...@example.com>
   proto=ESMTP helo=<spam.smartt.com>
   Feb  4 07:30:48 barium postfix/smtpd[61388]: NOQUEUE: reject: RCPT
   from spam.smartt.com[69.67.187.103]: 550 5.1.1 <ema...@example.com>:
   Recipient address rejected: User unknown in virtual mailbox table;
   from=<postmas...@barracudanetworks.com> to=<ema...@example.com>
   proto=ESMTP helo=<spam.smartt.com>
   Feb  4 07:30:48 barium postfix/smtpd[61388]: NOQUEUE: reject: RCPT
   from spam.smartt.com[69.67.187.103]: 550 5.1.1 <ema...@example.com>:
   Recipient address rejected: User unknown in virtual mailbox table;
   from=<postmas...@barracudanetworks.com> to=<ema...@example.com>
   proto=ESMTP helo=<spam.smartt.com>
   Feb  4 07:30:49 barium postfix/smtpd[61388]: NOQUEUE: reject: RCPT
   from spam.smartt.com[69.67.187.103]: 550 5.1.1 <ema...@example.com>:
   Recipient address rejected: User unknown in virtual mailbox table;
   from=<postmas...@barracudanetworks.com> to=<ema...@example.com>
   proto=ESMTP helo=<spam.smartt.com>
   Feb  4 07:30:49 barium postfix/smtpd[61388]: F1E7B10E587:
   client=spam.smartt.com[69.67.187.103]
   Feb  4 07:30:49 barium postfix/smtpd[61388]: disconnect from
   spam.smartt.com[69.67.187.103]

   #bzcat /var/log/maillog.postfix.0.bz2 | grep F1E7B10E587
   Feb  4 07:30:49 barium postfix/smtpd[61388]: F1E7B10E587:
   client=spam.smartt.com[69.67.187.103]


The main problem with this is I need to make a queue id as complete and 
stop processing of it to deal with the re-use of queue ids, but there is 
no log line here indicating that it is complete.


--
Chris St Denis
Programmer
SmarttNet (www.smartt.com)
Ph: 604-473-9700 Ext. 200
-------------------------------------------

"Smart Internet Solutions For Businesses" 






















					Reply via email to