btb:
> when reviewing postscreen entries in logs, it's difficult to quickly
> grep for entries relevant to a particular session, since the only unique
> value in the entry is the pid, which is quite long lived and spans many
> sessions. i wondered how practical it might be to include a unique id
> along with the log message, to assist in exercises like this.
Instead of a session ID, you could use the remote IP address and TCP port.
In the example below, that is [198.251.79.135]:60343.

Untested PCRE pattern: (for|from)\s(\[[0-9a-f:.]+\]:\d+). Use $2 to extract
the interesting bits.

	Wietse

Mar 5 00:06:22 spike postfix/postscreen[95625]: CONNECT from [198.251.79.135]:60343 to [168.100.189.2]:25
Mar 5 00:06:22 spike postfix/postscreen[95625]: PREGREET 14 after 0.05 from [198.251.79.135]:60343: EHLO ylmf-pc\r\n
Mar 5 00:06:22 spike postfix/postscreen[95625]: DNSBL rank 2 for [198.251.79.135]:60343
Mar 5 00:06:22 spike postfix/postscreen[95625]: HANGUP after 0.11 from [198.251.79.135]:60343 in tests after SMTP handshake
Mar 5 00:06:22 spike postfix/postscreen[95625]: DISCONNECT [198.251.79.135]:60343
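The "grep by client endpoint" approach above, worked through as an added example (this is not code from the thread or from Postfix). Two practical points the one-line pattern does not cover: the DISCONNECT line carries neither "for" nor "from", so a regex anchored on those words misses the last line of every session, and a client can reuse a source port later under the same long-lived postscreen pid, so a CONNECT line should open a fresh session rather than being merged into an earlier one with the same [ip]:port. The sample log below is the five lines quoted by Wietse plus constructed lines (an IPv6 client and a postfix/smtpd line) to show that other daemons and other sessions are kept apart; the timestamps and addresses of the added lines are made up.

```python
import re

# Bracketed remote endpoint exactly as postscreen logs it: [IPv4-or-IPv6]:port.
# Searched anywhere in the message, so DISCONNECT lines (no "from") match too.
ENDPOINT_RE = re.compile(r"\[([0-9a-fA-F:.]+)\]:(\d+)")

# Syslog prefix: "Mon DD HH:MM:SS host postfix/postscreen[pid]: message".
# \s+ accepts the double space syslog puts before single-digit days.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/postscreen\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Constructed sample log: the five lines from the reply above plus an IPv6
# client ([2001:db8::1]:41000) and one postfix/smtpd line, both invented here.
SAMPLE_LOG = r"""Mar  5 00:06:22 spike postfix/postscreen[95625]: CONNECT from [198.251.79.135]:60343 to [168.100.189.2]:25
Mar  5 00:06:22 spike postfix/postscreen[95625]: PREGREET 14 after 0.05 from [198.251.79.135]:60343: EHLO ylmf-pc\r\n
Mar  5 00:06:22 spike postfix/postscreen[95625]: DNSBL rank 2 for [198.251.79.135]:60343
Mar  5 00:06:22 spike postfix/postscreen[95625]: CONNECT from [2001:db8::1]:41000 to [168.100.189.2]:25
Mar  5 00:06:22 spike postfix/postscreen[95625]: HANGUP after 0.11 from [198.251.79.135]:60343 in tests after SMTP handshake
Mar  5 00:06:22 spike postfix/postscreen[95625]: DISCONNECT [198.251.79.135]:60343
Mar  5 00:06:23 spike postfix/smtpd[95630]: connect from unknown[2001:db8::1]
Mar  5 00:06:25 spike postfix/postscreen[95625]: PASS NEW [2001:db8::1]:41000
Mar  5 00:06:25 spike postfix/postscreen[95625]: DISCONNECT [2001:db8::1]:41000
""".splitlines()


def parse_line(line):
    """Split a postscreen log line into its syslog fields; None for other daemons."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def session_key(line):
    """Return the client as '[ip]:port', or None if this is not a postscreen line.

    The first bracketed endpoint in the message is the client; on CONNECT lines
    the second one ("to [server]:25") is the local side and is ignored.
    """
    fields = parse_line(line)
    if fields is None:
        return None
    ep = ENDPOINT_RE.search(fields["msg"])
    if ep is None:
        return None
    return f"[{ep.group(1)}]:{ep.group(2)}"


def grep_session(lines, endpoint):
    """The grep btb asked for: every postscreen line belonging to one client endpoint."""
    return [line for line in lines if session_key(line) == endpoint]


def group_sessions(lines):
    """Group postscreen lines into sessions, in order of first appearance.

    A CONNECT line always opens a new session for its endpoint, so a later
    connection that happens to reuse the same source port is not merged into
    an earlier one. Returns a list of (endpoint, [lines]).
    """
    sessions = []   # [(endpoint, [lines]), ...]
    latest = {}     # endpoint -> index of its most recent session
    for line in lines:
        key = session_key(line)
        if key is None:
            continue
        first_word = parse_line(line)["msg"].split()[0]
        if first_word == "CONNECT" or key not in latest:
            sessions.append((key, []))
            latest[key] = len(sessions) - 1
        sessions[latest[key]][1].append(line)
    return sessions


def session_events(lines):
    """The postscreen event keywords of one session, in log order (e.g. HANGUP, PASS)."""
    return [parse_line(line)["msg"].split()[0].rstrip(":") for line in lines]


if __name__ == "__main__":
    for endpoint, lines in group_sessions(SAMPLE_LOG):
        print(endpoint, " -> ".join(session_events(lines)))
```

Running the block prints one line per session, e.g. the first client's path as CONNECT -> PREGREET -> DNSBL -> HANGUP -> DISCONNECT, while the postfix/smtpd line is skipped because it is not a postscreen entry. For a real log, replace SAMPLE_LOG with the lines of /var/log/maillog (or wherever syslog puts the mail facility) and pass the endpoint you are interested in to grep_session.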