[Mimedefang] Using graphdefang

John Kirkland jpk at bl.org
Thu Jan 2 18:32:01 EST 2003


Syn,

Try the following regexp:

m/^(\S+\s+\d+\s+\d+:\d+:\d+)\s          # datestring -- 1
(\S+)\s                                 # host -- 2
(\S+?)                                  # program -- 3
(?:\[(\d+)\])?:\s                       # pid -- 4
(?:\[ID\ \d+\ [a-z0-9]+\.[a-z]+\]\ )?   # Solaris stuff -- not used
(.*)/x;                                 # text -- 5

It works for me on Linux.  Can you test it out on Solaris and tell me if
it works?

If this works, then I'll release a new version of graphdefang.  I've also
recently added support for the perl module File::ReadBackwards, which will
cut down on parsing time significantly for large maillog files.  It parses
log lines from the end of the file instead of the beginning.

Regards,
John Kirkland


On Thu, 2 Jan 2003, syn uw wrote:

> >Hello,
> >	Oh, didn't know that.  I imagine you're separating it to make it
> >easier to see and process.  Anyway, I'm no perl expert, but perhaps you
> >are.  The graphdefanglib.pl file says it looks for lines in the file of
> >your choosing ;) that look like this in the beginning:
>
> >Sep 28 21:55:50 westover mimedefang.pl[16803]:
> >MDLOG,g8T2th86016917,mail_out...etc, etc.
>
> >With this regex
>
> >if (/^(\S+\s+\d+\s+\d+:\d+:\d+) (\S+ \S+\[\d+\]):
> >MDLOG,(\S+?),(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/ ) { # then it a good
> >line and lets use it
>
> >It may be that the extra data in your line, namely:
>
> >[ID 702911 local5.info]
>
> >Might be confusing it.  Again, a perl regex person could tell you
> >definitively.  However that's my best stab at it :)
>
> Hi,
>
> Well, I'm far from a Perl expert, but I've already done a few things in Perl
> and have some regexp knowledge. You are right, this field is too much, and
> it's Solaris syslog that adds it; on Linux you won't see that extra
> information. Now on Solaris I have no clue how to turn this extra
> information off, and I also wonder if it's a good idea to turn that off.
>
> So I think I will need to go and modify graphdefanglib.pl to make it detect
> the OS and if it's Solaris then it will use another regexp syntax.
>
> Is anyone interested in me doing that? I just need to know from you guys
> out there (especially the developer of graphdefang) what kind of method you
> would like me to use to detect the OS. I could launch a `uname -s` from
> the Perl script, but maybe there are better methods?
>
> Regards
>
>
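
The regexp from this message run against both syslog styles, as an added example that is not part of the original message or of graphdefang's own code. The log lines are constructed, and the variable names given to the MDLOG fields are assumptions; the MDLOG pattern is the tail of the regexp quoted above.

```perl
#!/usr/bin/perl
# Added example: parse Linux- and Solaris-style maillog lines with one header
# regexp, then split the MDLOG payload and count events.
use strict;
use warnings;

# Header regexp as posted; the optional group skips the Solaris message-ID tag.
my $syslog_re = qr/^(\S+\s+\d+\s+\d+:\d+:\d+)\s          # datestring -- 1
(\S+)\s                                 # host -- 2
(\S+?)                                  # program -- 3
(?:\[(\d+)\])?:\s                       # pid -- 4
(?:\[ID\ \d+\ [a-z0-9]+\.[a-z]+\]\ )?   # Solaris stuff -- not used
(.*)/x;                                 # text -- 5

# MDLOG payload: the field part of the regexp quoted from graphdefanglib.pl.
my $mdlog_re = qr/^MDLOG,(\S+?),(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/;

# Constructed sample lines (not real log data).
my @lines = (
    'Sep 28 21:55:50 westover mimedefang.pl[16803]: '
      . 'MDLOG,g8T2th86016917,mail_out,,,<a@example.com>,<b@example.net>,Hello',
    'Sep 28 21:56:02 westover mimedefang.pl[16803]: [ID 702911 local5.info] '
      . 'MDLOG,g8T2ti86016918,spam,12.3,,<c@example.org>,<b@example.net>,Buy now',
    'Sep 28 21:56:10 westover sendmail[16920]: g8T2ti86016918: stat=Sent',
    'not a syslog line',
);

my %events;
my $skipped = 0;
for my $line (@lines) {
    # List assignment in boolean context is false when the match fails.
    my ($date, $host, $prog, $pid, $text) = $line =~ $syslog_re
        or do { $skipped++; next };
    next unless $prog eq 'mimedefang.pl';    # ignore other daemons

    # Field names after $event are assumed labels for this example.
    my ($id, $event, $v1, $v2, $from, $to, $subj) = $text =~ $mdlog_re
        or next;
    $events{$event}++;
    printf "%s %-8s id=%s pid=%s from=%s\n",
        $date, $event, $id, (defined $pid ? $pid : '-'), $from;
}

print "$_: $events{$_}\n" for sort keys %events;
print "unparsed lines: $skipped\n";
```

Counting the lines that fail the header regexp, rather than dropping them silently, makes a syslog format change show up in the output instead of as an empty graph.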



