Logparser, script para colorir o log do Spamdyke

11 agosto, 2009 Sem comentários »

Outro dia eu estava analisando os logs do Spamdyke e fiquei bastante confuso ao acompanhar os dados pelo "tail -f", pois era muita informação na tela, que só o Neo, de Matrix, conseguiria ler. Buscando no Google, achei um shell script que fazia o parser de um log e mostrava um resultado colorido, de forma que facilitava a visualização. Peguei esse código, fiz umas modificações e o adaptei para o Spamdyke.
Não sei se ele funciona de forma genérica para todo mundo; no meu caso, o Spamdyke está gerando log no syslog no nível de mail (ou seja, no maillog), sem nenhuma modificação nas configurações padrão. Segue a screenshot abaixo.
fundo4
*Note que o "spray" vermelho eu coloquei para ocultar os domínios do meu servidor.

Segue o código abaixo

CODE:
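  #!/usr/bin/env bash
  # Colourise Spamdyke entries from the mail log while following it live.
  # bash is required: colorize relies on [[ ... =~ ... ]] and BASH_REMATCH,
  # which a plain POSIX /bin/sh does not provide.

  # ANSI colour sequences, stored in backslash form ('\033' is ESC once the
  # value is expanded by echo -e or printf %b).
  readonly RED='\033[0;31m'
  readonly GREEN='\033[0;32m'
  readonly YELLOW='\033[1;33m'
  readonly BLUE='\033[0;34m'
  readonly VIOLET='\033[0;35m'
  readonly CYAN='\033[0;36m'
  readonly WHITE='\033[1;37m'
  readonly NORMAL='\033[0m'

  # Pipeline executed at the end of the script. --line-buffered makes grep
  # flush every matching line, otherwise its output to the pipe is buffered in
  # blocks and entries show up late. Keep this a fixed literal: it is later
  # handed to eval, so it must never contain externally supplied text.
  comando="tail -f /var/log/maillog | grep --line-buffered spamdyke | colorize"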
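  #######################################
  # Read syslog lines on stdin and print each one with ANSI colours chosen by
  # the Spamdyke keyword it carries.
  # Globals:   RED GREEN YELLOW VIOLET CYAN WHITE NORMAL (read; backslash-form
  #            sequences such as '\033[0;31m', expanded once with printf %b)
  # Arguments: none
  # Outputs:   one coloured line per input line on stdout; a line that matches
  #            no known pattern is printed with a FIXME tag
  #######################################
  colorize() {
    local LINE body tone
    local normal red green yellow violet cyan white

    # Only the colour variables go through %b. Log text is never
    # escape-expanded (see the loop below).
    printf -v normal '%b' "${NORMAL-}"
    printf -v red '%b' "${RED-}"
    printf -v green '%b' "${GREEN-}"
    printf -v yellow '%b' "${YELLOW-}"
    printf -v violet '%b' "${VIOLET-}"
    printf -v cyan '%b' "${CYAN-}"
    printf -v white '%b' "${WHITE-}"

    # Patterns live in variables and are expanded unquoted: bash 3.2 and later
    # match a quoted right-hand side of =~ as a literal string, which would
    # send every line to the FIXME branch.
    # Groups 1-5 are the five space-separated syslog fields before the keyword.
    local pre='(.*) (.*) (.*) (.*) (.*) '
    local verdicts='ALLOWED|TIMEOUT|DENIED_IP_IN_CC_RDNS|DENIED_BLACKLIST_NAME'
    verdicts+='|DENIED_OTHER|DENIED_RBL_MATCH|DENIED_RDNS_MISSING'
    verdicts+='|DENIED_RDNS_RESOLVE|DENIED_GRAYLISTED|DENIED_SENDER_NO_MX'
    local re_verdict="${pre}(${verdicts})"
    re_verdict+=' from: (.*) to: (.*) origin_ip: (.*) origin_rdns: (.*) auth: (.*)'
    local re_rbl="${pre}"'FILTER_RBL_MATCH ip: (.*) rbl: (.*)'
    local re_rdns_missing="${pre}"'FILTER_RDNS_MISSING ip: (.*)'
    local re_earlytalker="${pre}"'FILTER_EARLYTALKER delay: (.*)'
    local re_rcpt_wl="${pre}"'FILTER_RECIPIENT_WHITELIST recipient: (.*) file: (.*)\((.*)\)'
    local re_name_list="${pre}"'(FILTER_BLACKLIST_NAME|FILTER_WHITELIST_NAME) ip: (.*) rdns: (.*) file: (.*)\((.*)\)'
    local re_ip_wl="${pre}"'FILTER_WHITELIST_IP ip: (.*) file: (.*)\((.*)\)'
    local re_no_mx="${pre}"'FILTER_SENDER_NO_MX domain: (.*)'
    local re_graylisted="${pre}"'FILTER_GRAYLISTED sender: (.*) recipient: (.*) path: (.*)'
    local re_other="${pre}"'FILTER_OTHER: response: (.*)'
    local re_bl_response="${pre}"'DENIED_BLACKLIST_NAME: response: (.*)'
    local re_rdns="${pre}"'(FILTER_RDNS_RESOLVE|FILTER_IP_IN_CC_RDNS) ip: (.*) rdns: (.*)'
    local re_error="${pre}"'ERROR(.*)'

    # IFS= and -r keep whitespace and backslashes as logged; the || clause
    # still handles a final line that has no trailing newline.
    while IFS= read -r LINE || [[ -n "$LINE" ]]; do
      # Sender, recipient and reverse-DNS fields are chosen by the remote side.
      # Replace control bytes so log content cannot drive the terminal.
      LINE=${LINE//[[:cntrl:]]/?}

      if [[ $LINE =~ $re_verdict ]]; then
        # Group 6 is the verdict, 7-11 are from/to/origin_ip/origin_rdns/auth.
        if [[ ${BASH_REMATCH[6]} == ALLOWED ]]; then tone=$green; else tone=$red; fi
        body="${tone}${BASH_REMATCH[6]}${normal}"
        body+=" from: ${violet}${BASH_REMATCH[7]}${normal}"
        body+=" to: ${violet}${BASH_REMATCH[8]}${normal}"
        body+=" origin_ip: ${cyan}${BASH_REMATCH[9]}${normal}"
        body+=" origin_rdns: ${cyan}${BASH_REMATCH[10]}${normal}"
        body+=" auth: ${white}${BASH_REMATCH[11]}${normal}"
      elif [[ $LINE =~ $re_rbl ]]; then
        body="${yellow}FILTER_RBL_MATCH${normal} ip: ${cyan}${BASH_REMATCH[6]}${normal}"
        body+=" rbl: ${white}${BASH_REMATCH[7]}${normal}"
      elif [[ $LINE =~ $re_rdns_missing ]]; then
        body="${yellow}FILTER_RDNS_MISSING${normal} ip: ${cyan}${BASH_REMATCH[6]}${normal}"
      elif [[ $LINE =~ $re_earlytalker ]]; then
        body="${yellow}FILTER_EARLYTALKER${normal} delay: ${white}${BASH_REMATCH[6]}${normal}"
      elif [[ $LINE =~ $re_rcpt_wl ]]; then
        body="${yellow}FILTER_RECIPIENT_WHITELIST${normal}"
        body+=" recipient: ${violet}${BASH_REMATCH[6]}${normal}"
        body+=" file: ${white}${BASH_REMATCH[7]}${normal}(${yellow}${BASH_REMATCH[8]}${normal})"
      elif [[ $LINE =~ $re_name_list ]]; then
        body="${yellow}${BASH_REMATCH[6]}${normal} ip: ${violet}${BASH_REMATCH[7]}${normal}"
        body+=" rdns: ${cyan}${BASH_REMATCH[8]}${normal}"
        body+=" file: ${white}${BASH_REMATCH[9]}${normal}(${yellow}${BASH_REMATCH[10]}${normal})"
      elif [[ $LINE =~ $re_ip_wl ]]; then
        body="${yellow}FILTER_WHITELIST_IP${normal} ip: ${violet}${BASH_REMATCH[6]}${normal}"
        body+=" file: ${white}${BASH_REMATCH[7]}${normal}(${yellow}${BASH_REMATCH[8]}${normal})"
      elif [[ $LINE =~ $re_no_mx ]]; then
        body="${yellow}FILTER_SENDER_NO_MX${normal} domain: ${violet}${BASH_REMATCH[6]}${normal}"
      elif [[ $LINE =~ $re_graylisted ]]; then
        body="${yellow}FILTER_GRAYLISTED${normal} sender: ${violet}${BASH_REMATCH[6]}${normal}"
        body+=" recipient: ${violet}${BASH_REMATCH[7]}${normal}"
        body+=" path: ${white}${BASH_REMATCH[8]}${normal}"
      elif [[ $LINE =~ $re_other ]]; then
        body="${yellow}FILTER_OTHER:${normal} response: ${white}${BASH_REMATCH[6]}${normal}"
      elif [[ $LINE =~ $re_bl_response ]]; then
        body="${red}DENIED_BLACKLIST_NAME:${normal} response: ${white}${BASH_REMATCH[6]}${normal}"
      elif [[ $LINE =~ $re_rdns ]]; then
        body="${yellow}${BASH_REMATCH[6]}${normal} ip: ${violet}${BASH_REMATCH[7]}${normal}"
        body+=" rdns: ${white}${BASH_REMATCH[8]}${normal}"
      elif [[ $LINE =~ $re_error ]]; then
        # Group 6 is whatever follows the ERROR keyword on the line.
        body="${red}ERROR${normal}${white}${BASH_REMATCH[6]}${normal}"
      else
        printf '%s\n' "${cyan}FIXME${normal} ${yellow}${LINE}${normal}"
        continue
      fi

      # BASH_REMATCH still holds the groups of the branch that matched:
      # 1-3 are the month, day and time of the syslog prefix.
      printf '%s\n' "${normal}${BASH_REMATCH[1]} ${BASH_REMATCH[2]} ${BASH_REMATCH[3]}: ${body}"
    done
  }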
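  # comando is a fixed string defined in this script. eval re-parses it as
  # shell code in the current shell, which is how the pipeline reaches the
  # colorize function. Never build it from arguments, environment variables
  # or log content. Quoted so the string reaches eval intact, without word
  # splitting or globbing.
  eval "$comando"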
