Two-Find-And-Format Logfile Summary Tool

Author Info

25 June 2008 - 10:35am
Submitted by: thomasroes

license: Free for all
home page url: http://www.switact.nl
download url: http://www.switact.nl/download/tfaf_001.zip

Trying to find some abuse of our email system, we wanted to get a quick list with date, time, sender and recipient of mail to the internet.

In the GWIA log files this information is on separate lines. And if you get information for multiple days, you also need part of the filename.

So I wrote this (configurable) tool. It uses a tfaf.ini file (example in the ZIP file) and command-line parameters.

To get information of all your GWIA logfiles, you can use:

for %I in (????GWIA.*) do TFAF /sf=%I /rf=result.txt

Information on use of the program is given when starting the program without parameters.

Questions, suggestions, wishes: tfaf@switact.nl

Attachment: tfaf_001.zip
Size: 54.92 KB

User Comments

good idea

Submitted by networkn on 26 June 2008 - 3:17pm.

How about making it so that it will return all senders and all recipients in a nicer format than the gwia logs use?
Also it probably wouldn't take much to throw a GUI on this so you could type your recipient and sender into edit boxes and have it display the results in a grid component! I see loads of potential here!

Not quite ready for prime time

Submitted by Seward on 27 June 2008 - 5:23pm.

This program doesn't take into account how the GWIA processes multiple messages concurrently. An incoming message and an outgoing message could be logged before all the recipients are listed for the incoming message.

This program simply takes the recipients and applies them to the last sender from a GWIA log. There is a MSG number that keeps the records tied together. This program ignores it.

For example (bolded records belong together):
GWIA LOG - Stripped down
08:00:00 040 MSG 100001 Sender: Smith@YourDomain.com
08:00:00 040 MSG 100001 Recipient: Someone@OtherDomain.com
08:00:00 03C MSG 100002 Processing inbound message:
08:00:00 03C MSG 100002 Sender: news@newssource.com
08:00:00 03C MSG 100002 Recipient: Jones@YourDomain.com
08:00:00 040 MSG 100001 Recipient: Sometwo@OtherDomain.com
08:00:00 03C MSG 100002 Queuing to MTA

This program will incorrectly show that news@newssource.com sent a message to Sometwo@OtherDomain.com, both of which are outside YourDomain.com.
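The correlation issue raised in the comment above, as an added example (not TFAF's code and not part of the original page): it groups Sender and Recipient records by MSG number and, for contrast, reproduces the last-sender pairing. The line layout is assumed from the stripped-down sample only, and the function names are hypothetical.

```python
import re

# Constructed sample: the stripped-down GWIA lines quoted in the comment above.
SAMPLE_LOG = """\
08:00:00 040 MSG 100001 Sender: Smith@YourDomain.com
08:00:00 040 MSG 100001 Recipient: Someone@OtherDomain.com
08:00:00 03C MSG 100002 Processing inbound message:
08:00:00 03C MSG 100002 Sender: news@newssource.com
08:00:00 03C MSG 100002 Recipient: Jones@YourDomain.com
08:00:00 040 MSG 100001 Recipient: Sometwo@OtherDomain.com
08:00:00 03C MSG 100002 Queuing to MTA
"""

# time, second column (040/03C, matched but not interpreted), MSG number, field, address
RECORD = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) \w+ MSG (\d+) (Sender|Recipient): (\S+)\s*$")

def records(text):
    """Yield (time, msg_id, field, address) for Sender/Recipient lines only."""
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            yield m.groups()

def pairs_by_msg(text):
    """Correlate on the MSG number so interleaved messages stay separate."""
    msgs = {}  # msg_id -> {"time", "sender", "recipients"}, in first-seen order
    for time, msg_id, field, addr in records(text):
        entry = msgs.setdefault(
            msg_id, {"time": time, "sender": None, "recipients": []})
        if field == "Sender":
            entry["sender"] = addr
        else:
            entry["recipients"].append(addr)
    # sender stays None when its line is missing (e.g. it was in an earlier file)
    return [(e["time"], mid, e["sender"], rcpt)
            for mid, e in msgs.items() for rcpt in e["recipients"]]

def pairs_by_last_sender(text):
    """The flawed approach: attach each recipient to the most recent sender."""
    last, out = None, []
    for time, msg_id, field, addr in records(text):
        if field == "Sender":
            last = addr
        else:
            out.append((time, msg_id, last, addr))
    return out

if __name__ == "__main__":
    for row in pairs_by_msg(SAMPLE_LOG):
        print(*row, sep="\t")
```

Comparing the two result lists on a real log shows which sender/recipient pairs the last-sender method would have misattributed.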

© 2008 Novell, Inc. All Rights Reserved.