I am trying to remove the conversation from a postfix log file based on those clients that started them. This is a weird script that extends the mailing id ID:
awk '/client.host.name/ & amp; Amp; Using a standard postfix marilog as input (/ timeout / || / disconnect /) {sub: (":", "", $ 6); Print $ 6} 'mylog
see below for sample data). Do I have to find a multi-pass of the file using the result of the first search, but I'm not sure that this is the correct approach. Something like this:
awk '/client.host.name/ & amp; Amp;
(/ timeout / || / disconnect /) {sub: "", "", $ 6); = $ 6} $ 0 ~ Naturally, it does not work as expected; I'm assuming that I need to do one of the following:
- First one from awk Pipe output to another awk or grep (not sure how to use pipe input as regex)
- Set the first result to an array and use the array as a search set. Something like this:
awk '/ app02 / & amp; Amp; ! (/ Timeout / || / connect /) {sub (":", "", $ 6); [$ 6] = $ 6; } END {to (in x) {print x; }} 'Mylog'
I'm not sure how I should move inside the loop. Is there any way to "rewind" the file in awk and then holding all the rows matches an array with an element? - Scrap the whole deal and use it for Pearl.
So, for awk gurus ... am I looking to use awk? Sample data:
Jul 19 05: 07: 57 Relay Postfix / SMTPD [5462]: C48 F6 CEFAFAL: Client = Client.Dom.LCL [1.2] .3.4] July 19 05:07:57 Riley Postfix / CleanUp [54]: C48 F6 CEFAF: Message-Eddie = & lt; 20100719100757 .C48F6CE83FA @ relay.dom.lcl & gt; Jul 19 05:07:57 Relay Postfix / qmgr [12345]: C48F6CE83FA: to = & lt; Root@dom.lcl>, size = 69261, NRCPT = 6 (active queue) July 19 05:08:04 Relay Postfix / SMTP [54205]: C48F6CE83FA: to = & lt; Recip1@example.org> ;, relay = in.example.org [12.23.34.5]: 25, Delay = 0.7, Delay = 0.05 / 0 / 0.13 / 0.51, DSN = 2.0. 0, position = transmitted (250 OK: message 200012345 approved) July 19 05:14:08 relay postfix / qmgr [12345]: C48F6CE83FA: deleted `
You can use an array. Something like this:
awk '/client.host.name/ & amp; Amp; [$ 6] = 1} {If (in $ FIELD) print} 'MyLogWhere you need to move the number that contains the data, because I do not know this.
Edit: moved a left brace.
Edit2:
Here is the specific version for your sample data:
awk '/client.dom. Lcl / & amp; & Amp; ! (/ Timeout / || / disconnect /) {sub (":", "", $ 6); [$ 6] = 1} {if printed in gensub (":", "", 1, $ 6) 'sampledataEdit2:
There is a simplified version:
awk '{id = gensub (":", "", 1, $ 6)} /client.dom Lcl / & amp; & Amp; [Id / =]} {if print (in id)} 'Sampled
Comments
Post a Comment