Grep /var/log/maillog for email to a certain user, based only on his linux username
Level 1, beginner here. Question about grep and maillog.
I have a learning environment, based on Linux CentOS, with Postfix and SquirrelMail running, but my assignment is more in general.
I need to find in the maillog e-mails received by a certain user within a certain time frame, based only on his Linux username.
I see my maillog, but I am not experienced in reading maillog and I have two concerns:
Whether or not these patterns that I see in the log are something reliable, i.e. whether a log for incoming e-mail will always have to=<EMAIL> in it.
Jan 2 20:31:17 tmcent01 postfix/local[27450]: B58C4330038: to=<root@tmcent01.training5.tm>, orig_to=<postmaster>, relay=local, delay=9.7, delays=9.6/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
How does a Linux username correspond to the e-mail name of the user? It is not always a match (username@domain), is it? We could have an alias for it; how can I take this into consideration when composing the regex for the grep?
My first two attempts were a strike-out.
sudo grep "to=<jsmith@" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]
sudo grep -w "jsmith" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]
I would appreciate any help or hints on how I can get the proper grep together.
centos grep logs postfix
edited Jul 29 '15 at 10:17
asked Jul 29 '15 at 7:19
pmihova
1 Answer
Here's a simple sample script for you to try. It will search for the user's aliases in the common /etc/aliases file.
#!/bin/bash
#
# Arguments:
# $1 = user name to be searched for
# $2 = location of the e-mail log file
#
# First, let's create a temporary working directory.
# (No cd into it, so a relative log path in $2 still resolves.)
WORKDIR=$(mktemp -d) || exit 1
#
# Create a file for the user's user name and all aliases.
echo "to=<$1" > "${WORKDIR}/search_key.txt"
#
# Then, let's find out possible aliases for the user.
# Awk is used just to separate the first column.
grep -- "$1" /etc/aliases | awk 'BEGIN { FS=":" }; {print "to=<" $1}' >> "${WORKDIR}/search_key.txt"
#
# Next, search for e-mails sent to all of these.
# -F treats the search keys as fixed strings, not regular expressions.
grep -F -f "${WORKDIR}/search_key.txt" -- "$2"
#
# Finally, remove the working directory.
rm -rf "${WORKDIR}"
#
# All done.
answered Jul 29 '15 at 10:16
Kalle
Thank you for your answer, but this is a fixed assignment, it must be done with grep. – pmihova Jul 29 '15 at 10:19
If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log – Kalle Jul 29 '15 at 10:21
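Added example, not part of the original thread: a single grep -E that anchors the time window at the start of the line and keeps only postfix/local deliveries whose final recipient is the given user. It assumes, as in the sample line quoted in the question (to=<root@...>, orig_to=<postmaster>), that alias expansion is logged with the final mailbox in to= and the alias in orig_to=; the function names, host name and users are constructed.

```shell
#!/bin/bash
# Added example, not from the thread. Function names, host name and users
# are constructed for illustration.

# deliveries_for USER DAY_ERE HOUR_ERE LOGFILE
#   Prints postfix/local deliveries into USER's mailbox inside the window.
#   DAY_ERE  e.g. 'Jan +2' (syslog pads single-digit days with a space)
#   HOUR_ERE e.g. '1[2-4]' for 12:00:00 through 14:59:59
deliveries_for() (
    user=$1; day=$2; hour=$3; log=$4
    # Escape ERE metacharacters so a name such as "j.smith" matches literally.
    u=$(printf '%s' "$user" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    # Timestamp anchored at line start, so the time cannot match elsewhere.
    ts="^${day} ${hour}:[0-5][0-9]:[0-5][0-9] "
    # Host, local delivery agent with PID, queue ID.
    agent='[^ ]+ postfix/local\[[0-9]+\]: [0-9A-Za-z]+: '
    # The space before "to=<" (end of agent) keeps "orig_to=<" from matching;
    # the closing ">" keeps "jsmith" from matching "jsmithson".
    rcpt="to=<${u}(@[^>]*)?>,"
    grep -E "${ts}${agent}${rcpt}.*, status=sent " -- "$log"
)

# Constructed sample in the format of the log line quoted in the question.
sample_log() {
    cat <<'EOF'
Jan  2 12:05:11 mail postfix/local[2101]: 1A2B3C4D5E: to=<jsmith@mail.example.test>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Jan  2 13:40:02 mail postfix/local[2150]: 2B3C4D5E6F: to=<jsmith@mail.example.test>, orig_to=<webmaster>, relay=local, delay=0.2, dsn=2.0.0, status=sent (delivered to mailbox)
Jan  2 13:41:00 mail postfix/local[2151]: 3C4D5E6F70: to=<jsmithson@mail.example.test>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Jan  2 14:10:09 mail postfix/qmgr[1999]: 4D5E6F7081: from=<jsmith@mail.example.test>, size=512, nrcpt=1 (queue active)
Jan  2 12:30:00 mail postfix/local[2102]: 6F70819203: to=<root@mail.example.test>, orig_to=<jsmith>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Jan  2 20:31:17 mail postfix/local[2200]: 5E6F708192: to=<jsmith@mail.example.test>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
EOF
}

# Demo: only the 12:05:11 and 13:40:02 lines are printed.
tmp=$(mktemp) && sample_log > "$tmp"
deliveries_for jsmith 'Jan +2' '1[2-4]' "$tmp"
rm -f "$tmp"
```

The 13:40:02 line is a delivery through an alias and is found without reading /etc/aliases, because the user's own address appears in to= there.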