Databases
StackOverflow2013
Postsdbo
POHow can I extract all conversations in a Postfix log from a particular client using awk?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow can I extract all conversations in a Postfix log from a particular client using awk?
    text
    copied!<p>I am trying to extract conversations from a Postfix log file based on the client that initiated them. This is the awk script that extracts the matching message IDs:</p> <p><code>awk '/client.host.name/ &amp;&amp; !(/timeout/||/disconnect/) { sub(":","",$6);print $6}' maillog</code></p> <p>This is using a standard Postfix maillog as input (see below for sample data). What I <em>think</em> I'd like to do is a multi-pass search of the file using the results of the first search, but I'm not sure if this is the right approach. Something similar to:</p> <p><code>awk '/client.host.name/ &amp;&amp; !(/timeout/||/disconnect/) {sub(":","",$6);msgid=$6} $0 ~ msgid {print $0}' maillog</code></p> <p>But, naturally, this doesn't work as expected. I'm assuming I need to do one of the following things:</p> <ol> <li>Pipe the output from the first awk into a second awk or grep (not sure how to use piped input as a regex).</li> <li>Assign the first result set to an array and use the array as a search set. Something like:<br> <code>awk '/app02/ &amp;&amp; !(/timeout/ || /connect/) { sub(":","",$6);msgid[$6]=$6; } END { for(x in msgid) { print x; } }' maillog</code><br> I'm not sure how I'd proceed inside the for loop though. Is there a way in awk to "rewind" the file and then grab all lines that match any element within an array?</li> <li>Scrap the whole deal and try it using Perl.</li> </ol> <p>So, for the awk gurus... is there any way to accomplish what I'm looking for using awk?</p> <p>Sample data:</p> <pre><code>Jul 19 05:07:57 relay postfix/smtpd[5462]: C48F6CE83FA: client=client.dom.lcl[1.2.3.4] Jul 19 05:07:57 relay postfix/cleanup[54]: C48F6CE83FA: message-id=&lt;20100719100757.C48F6CE83FA@relay.dom.lcl&gt; Jul 19 05:07:57 relay postfix/qmgr[12345]: C48F6CE83FA: from=&lt;root@dom.lcl&gt;, size=69261, nrcpt=6 (queue active) Jul 19 05:08:04 relay postfix/smtp[54205]: C48F6CE83FA: to=&lt;recip1@example.org&gt;, relay=in.example.org[12.23.34.5]:25, delay=0.7, delays=0.05/0/0.13/0.51, dsn=2.0.0, status=sent (250 ok: Message 200012345 accepted) Jul 19 05:14:08 relay postfix/qmgr[12345]: C48F6CE83FA: removed` </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload