
Logparser, script para colorir o log do Spamdyke

Outro dia eu estava analisando os logs do Spamdyke e fiquei bastante confuso ao acompanhar os dados pelo “tail -f”, pois era muita informação na tela, que só o Neo Matrix conseguiria ler. Buscando no Google, achei um shell script que fazia o parser de um log e mostrava um resultado colorido, de forma que facilitava a visualização. Peguei esse código, fiz umas modificações e o adaptei para o Spamdyke.
Não sei se ele funciona de forma genérica para todo mundo; no meu caso, o Spamdyke está gerando log no syslog no nível de mail, ou seja, no maillog, sem nenhuma modificação nas configurações padrão. Segue a screenshot abaixo.
fundo4

Segue o código abaixo

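#!/bin/bash
# Bash is required: the parser relies on [[ =~ ]] and BASH_REMATCH, which a
# plain POSIX /bin/sh (dash, ash) does not provide.

# ANSI colour sequences. They are stored with a literal "\033" (octal ESC) and
# only become real escape bytes when expanded by `echo -e` or `printf '%b'`.
# Without the "\0" prefix the terminal would print "33[0;31m" as plain text.
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[0;34m"
VIOLET="\033[0;35m"
CYAN="\033[0;36m"
WHITE="\033[1;37m"
NORMAL="\033[0m"

# Pipeline that feeds the colouriser. --line-buffered makes grep flush every
# matching line immediately; otherwise its output into the pipe is block
# buffered and the coloured view lags behind the live log.
comando="tail -f /var/log/maillog | grep --line-buffered spamdyke | colorize"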

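#######################################
# Colourise spamdyke syslog lines read from stdin.
#
# Each line is matched against the known spamdyke message layouts and
# re-printed with the verdict, addresses and hosts highlighted. Lines that
# match no layout are printed with a FIXME marker so they are not lost.
#
# Security note: sender/recipient addresses and reverse-DNS names in these
# lines are chosen by the remote SMTP peer. Control characters are replaced
# with "?" and the text is printed with printf '%s', so neither raw escape
# bytes nor backslash sequences inside the log can drive the terminal.
#
# Globals:   NORMAL RED GREEN YELLOW VIOLET CYAN WHITE (read)
# Arguments: none
# Outputs:   one coloured line on stdout per input line
#######################################
colorize() {
  local line body tint
  local c_norm c_red c_green c_yellow c_violet c_cyan c_white

  # Expand the colour constants once into real escape bytes. Only these
  # trusted constants go through %b; log content never does.
  printf -v c_norm '%b' "$NORMAL"
  printf -v c_red '%b' "$RED"
  printf -v c_green '%b' "$GREEN"
  printf -v c_yellow '%b' "$YELLOW"
  printf -v c_violet '%b' "$VIOLET"
  printf -v c_cyan '%b' "$CYAN"
  printf -v c_white '%b' "$WHITE"

  # The patterns live in variables and are used UNQUOTED on the right of =~:
  # since bash 3.2 a quoted right-hand side is compared as a literal string,
  # so the regex would never match.
  # ts: the five space-separated syslog fields in front of the spamdyke tag.
  local ts='(.*) (.*) (.*) (.*) (.*) '
  local re_verdict="${ts}(ALLOWED|TIMEOUT|DENIED_IP_IN_CC_RDNS|DENIED_BLACKLIST_NAME|DENIED_OTHER|DENIED_RBL_MATCH|DENIED_RDNS_MISSING|DENIED_RDNS_RESOLVE|DENIED_GRAYLISTED|DENIED_SENDER_NO_MX) from: (.*) to: (.*) origin_ip: (.*) origin_rdns: (.*) auth: (.*)( .*)?"
  local re_rbl_match="${ts}FILTER_RBL_MATCH ip: (.*) rbl: (.*)"
  local re_rdns_missing="${ts}FILTER_RDNS_MISSING ip: (.*)"
  local re_earlytalker="${ts}FILTER_EARLYTALKER delay: (.*)"
  # "file: path(line)": the parentheses are literal, hence the backslashes.
  local re_rcpt_whitelist="${ts}FILTER_RECIPIENT_WHITELIST recipient: (.*) file: (.*)\((.*)\)"
  local re_name_list="${ts}(FILTER_BLACKLIST_NAME|FILTER_WHITELIST_NAME) ip: (.*) rdns: (.*) file: (.*)\((.*)\)"
  local re_whitelist_ip="${ts}FILTER_WHITELIST_IP ip: (.*) file: (.*)\((.*)\)"
  local re_no_mx="${ts}FILTER_SENDER_NO_MX domain: (.*)"
  local re_graylisted="${ts}FILTER_GRAYLISTED sender: (.*) recipient: (.*) path: (.*)"
  local re_filter_other="${ts}FILTER_OTHER: response: (.*)"
  local re_denied_name="${ts}DENIED_BLACKLIST_NAME: response: (.*)"
  local re_rdns="${ts}(FILTER_RDNS_RESOLVE|FILTER_IP_IN_CC_RDNS) ip: (.*) rdns: (.*)"
  local re_error="${ts}ERROR(.*)"

  # IFS= and -r keep leading blanks and backslashes exactly as logged; the
  # extra test handles a final line that has no trailing newline.
  while IFS= read -r line || [[ -n $line ]]; do
    # Neutralise control characters (ESC included) before anything is shown.
    line=${line//[[:cntrl:]]/?}

    if [[ $line =~ $re_verdict ]]; then
      # Green for accepted mail, red for every rejection/timeout verdict.
      if [[ ${BASH_REMATCH[6]} == ALLOWED ]]; then
        tint=$c_green
      else
        tint=$c_red
      fi
      # Labels follow the capture order: 7=from 8=to 9=ip 10=rdns 11=auth.
      body="${tint}${BASH_REMATCH[6]}${c_norm}"
      body+=" from: ${c_violet}${BASH_REMATCH[7]}${c_norm}"
      body+=" to: ${c_violet}${BASH_REMATCH[8]}${c_norm}"
      body+=" origin_ip: ${c_cyan}${BASH_REMATCH[9]}${c_norm}"
      body+=" origin_rdns: ${c_cyan}${BASH_REMATCH[10]}${c_norm}"
      body+=" auth: ${c_white}${BASH_REMATCH[11]}${BASH_REMATCH[12]}${c_norm}"
    elif [[ $line =~ $re_rbl_match ]]; then
      body="${c_yellow}FILTER_RBL_MATCH${c_norm} ip: ${c_cyan}${BASH_REMATCH[6]}${c_norm} rbl: ${c_white}${BASH_REMATCH[7]}${c_norm}"
    elif [[ $line =~ $re_rdns_missing ]]; then
      body="${c_yellow}FILTER_RDNS_MISSING${c_norm} ip: ${c_cyan}${BASH_REMATCH[6]}${c_norm}"
    elif [[ $line =~ $re_earlytalker ]]; then
      body="${c_yellow}FILTER_EARLYTALKER${c_norm} delay: ${c_white}${BASH_REMATCH[6]}${c_norm}"
    elif [[ $line =~ $re_rcpt_whitelist ]]; then
      body="${c_yellow}FILTER_RECIPIENT_WHITELIST${c_norm} recipient: ${c_violet}${BASH_REMATCH[6]}${c_norm} file: ${c_white}${BASH_REMATCH[7]}${c_norm}(${c_yellow}${BASH_REMATCH[8]}${c_norm})"
    elif [[ $line =~ $re_name_list ]]; then
      body="${c_yellow}${BASH_REMATCH[6]}${c_norm} ip: ${c_violet}${BASH_REMATCH[7]}${c_norm} rdns: ${c_cyan}${BASH_REMATCH[8]}${c_norm} file: ${c_white}${BASH_REMATCH[9]}${c_norm}(${c_yellow}${BASH_REMATCH[10]}${c_norm})"
    elif [[ $line =~ $re_whitelist_ip ]]; then
      body="${c_yellow}FILTER_WHITELIST_IP${c_norm} ip: ${c_violet}${BASH_REMATCH[6]}${c_norm} file: ${c_white}${BASH_REMATCH[7]}${c_norm}(${c_yellow}${BASH_REMATCH[8]}${c_norm})"
    elif [[ $line =~ $re_no_mx ]]; then
      body="${c_yellow}FILTER_SENDER_NO_MX${c_norm} domain: ${c_violet}${BASH_REMATCH[6]}${c_norm}"
    elif [[ $line =~ $re_graylisted ]]; then
      body="${c_yellow}FILTER_GRAYLISTED${c_norm} sender: ${c_violet}${BASH_REMATCH[6]}${c_norm} recipient: ${c_violet}${BASH_REMATCH[7]}${c_norm} path: ${c_white}${BASH_REMATCH[8]}${c_norm}"
    elif [[ $line =~ $re_filter_other ]]; then
      body="${c_yellow}FILTER_OTHER:${c_norm} response: ${c_white}${BASH_REMATCH[6]}${c_norm}"
    elif [[ $line =~ $re_denied_name ]]; then
      body="${c_red}DENIED_BLACKLIST_NAME:${c_norm} response: ${c_white}${BASH_REMATCH[6]}${c_norm}"
    elif [[ $line =~ $re_rdns ]]; then
      body="${c_yellow}${BASH_REMATCH[6]}${c_norm} ip: ${c_violet}${BASH_REMATCH[7]}${c_norm} rdns: ${c_white}${BASH_REMATCH[8]}${c_norm}"
    elif [[ $line =~ $re_error ]]; then
      # Show whatever follows ERROR; this layout has no sender/recipient/path
      # fields to capture, so those labels are not printed.
      body="${c_red}ERROR${c_norm}${BASH_REMATCH[6]}"
    else
      # Unknown layout: keep the (sanitised) line visible for later tuning.
      printf '%s\n' "${c_cyan}FIXME${c_norm} ${c_yellow}${line}${c_norm}"
      continue
    fi

    # BASH_REMATCH still belongs to the branch that matched: groups 1-3 are
    # the first three syslog fields (the timestamp in the default layout).
    printf '%s\n' "${c_norm}${BASH_REMATCH[1]} ${BASH_REMATCH[2]} ${BASH_REMATCH[3]}: ${body}"
  done
}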
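# Run the pipeline stored in $comando. The expansion is quoted so the string
# reaches eval untouched (no word splitting or glob expansion beforehand).
# eval re-parses its argument as shell code, so $comando must stay a fixed
# string defined in this script and never be assembled from external input.
eval "$comando"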
