Grep /var/log/maillog for email to a certain user, based only on his linux username











up vote
0
down vote

favorite












Level 1, beginner here. Question about grep and maillog.



I have a learning environment, based on Linux CentOS, with Postfix and SquirrelMail running, but my assignment is more in general.



I need to find in the maillog e-mails received by a certain user within a certain time frame, based only on his Linux username.



I see my maillog, but I am not experienced in reading maillog and I have two concerns:





  1. Whether or not these patterns that I see in the log are something reliable, i.e. whether a log for incoming e-mail will always have to=<EMAIL> in it.



    Jan 2 20:31:17 tmcent01 postfix/local[27450]: B58C4330038: to=<root@tmcent01.training5.tm>, orig_to=<postmaster>, relay=local, delay=9.7, delays=9.6/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)


  2. How does a Linux username correspond to the e-mail name of the user? It is not it always a match (username@domain), is it? We could have alias for it, how can I take this in consideration when composing the Regex for the grep?



My first two attempts were a strike-out.



sudo grep "to=<jsmith@" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]
sudo grep -w "jsmith" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]


I would appreciate any help or hints how can I get the proper grep together.










share|improve this question
















bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.



















    up vote
    0
    down vote

    favorite












    Level 1, beginner here. Question about grep and maillog.



    I have a learning environment, based on Linux CentOS, with Postfix and SquirrelMail running, but my assignment is more in general.



    I need to find in the maillog e-mails received by a certain user within a certain time frame, based only on his Linux username.



    I see my maillog, but I am not experienced in reading maillog and I have two concerns:





    1. Whether or not these patterns that I see in the log are something reliable, i.e. whether a log for incoming e-mail will always have to=<EMAIL> in it.



      Jan 2 20:31:17 tmcent01 postfix/local[27450]: B58C4330038: to=<root@tmcent01.training5.tm>, orig_to=<postmaster>, relay=local, delay=9.7, delays=9.6/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)


    2. How does a Linux username correspond to the e-mail name of the user? It is not it always a match (username@domain), is it? We could have alias for it, how can I take this in consideration when composing the Regex for the grep?



    My first two attempts were a strike-out.



    sudo grep "to=<jsmith@" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]
    sudo grep -w "jsmith" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]


    I would appreciate any help or hints how can I get the proper grep together.










    share|improve this question
















    bumped to the homepage by Community yesterday


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Level 1, beginner here. Question about grep and maillog.



      I have a learning environment, based on Linux CentOS, with Postfix and SquirrelMail running, but my assignment is more in general.



      I need to find in the maillog e-mails received by a certain user within a certain time frame, based only on his Linux username.



      I see my maillog, but I am not experienced in reading maillog and I have two concerns:





      1. Whether or not these patterns that I see in the log are something reliable, i.e. whether a log for incoming e-mail will always have to=<EMAIL> in it.



        Jan 2 20:31:17 tmcent01 postfix/local[27450]: B58C4330038: to=<root@tmcent01.training5.tm>, orig_to=<postmaster>, relay=local, delay=9.7, delays=9.6/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)


      2. How does a Linux username correspond to the e-mail name of the user? It is not it always a match (username@domain), is it? We could have alias for it, how can I take this in consideration when composing the Regex for the grep?



      My first two attempts were a strike-out.



      sudo grep "to=<jsmith@" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]
      sudo grep -w "jsmith" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]


      I would appreciate any help or hints how can I get the proper grep together.










      share|improve this question















      Level 1, beginner here. Question about grep and maillog.



      I have a learning environment, based on Linux CentOS, with Postfix and SquirrelMail running, but my assignment is more in general.



      I need to find in the maillog e-mails received by a certain user within a certain time frame, based only on his Linux username.



      I see my maillog, but I am not experienced in reading maillog and I have two concerns:





      1. Whether or not these patterns that I see in the log are something reliable, i.e. whether a log for incoming e-mail will always have to=<EMAIL> in it.



        Jan 2 20:31:17 tmcent01 postfix/local[27450]: B58C4330038: to=<root@tmcent01.training5.tm>, orig_to=<postmaster>, relay=local, delay=9.7, delays=9.6/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)


      2. How does a Linux username correspond to the e-mail name of the user? It is not it always a match (username@domain), is it? We could have alias for it, how can I take this in consideration when composing the Regex for the grep?



      My first two attempts were a strike-out.



      sudo grep "to=<jsmith@" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]
      sudo grep -w "jsmith" /var/log/maillog | grep 1[2-4]:[0-5][0-9]:[0-5][0-9]


      I would appreciate any help or hints how can I get the proper grep together.







      centos grep logs postfix






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jul 29 '15 at 10:17

























      asked Jul 29 '15 at 7:19









      pmihova

      14




      14





      bumped to the homepage by Community yesterday


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community yesterday


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          Here's a simple sample script for you to try. It will search for user's aliases from the common /etc/aliases -file.



          #!/bin/bash
          #
          # Arguments:
          # $1 = user name to be searched for
          # $2 = location for e-mail log file
          #
          # First, let's create a temporary working directory.
          WORKDIR=$(mktemp -d)
          cd ${WORKDIR}
          #
          # Create a file for user's user name and all aliases.
          echo "to=<"$1 > search_key.txt
          #
          # Then, let's find out possible alises for the user.
          # Awk is used just to separate the first column.
          grep $1 /etc/aliases | awk 'BEGIN { FS=":" }; {print "to=<" $1}' >> search_key.txt
          #
          # Next, search for e-mails sent for all these.
          grep -f search_key.txt $2
          #
          # Finally, remove the working directory.
          rm -rf ${WORKDIR}
          #
          # All done.





          share|improve this answer





















          • Thank you for your answer, but this is a fixed assignment, it must be done with grep.
            – pmihova
            Jul 29 '15 at 10:19










          • If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
            – Kalle
            Jul 29 '15 at 10:21













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f218986%2fgrep-var-log-maillog-for-email-to-a-certain-user-based-only-on-his-linux-usern%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          Here's a simple sample script for you to try. It will search for user's aliases from the common /etc/aliases -file.



          #!/bin/bash
          #
          # Arguments:
          # $1 = user name to be searched for
          # $2 = location for e-mail log file
          #
          # First, let's create a temporary working directory.
          WORKDIR=$(mktemp -d)
          cd ${WORKDIR}
          #
          # Create a file for user's user name and all aliases.
          echo "to=<"$1 > search_key.txt
          #
          # Then, let's find out possible alises for the user.
          # Awk is used just to separate the first column.
          grep $1 /etc/aliases | awk 'BEGIN { FS=":" }; {print "to=<" $1}' >> search_key.txt
          #
          # Next, search for e-mails sent for all these.
          grep -f search_key.txt $2
          #
          # Finally, remove the working directory.
          rm -rf ${WORKDIR}
          #
          # All done.





          share|improve this answer





















          • Thank you for your answer, but this is a fixed assignment, it must be done with grep.
            – pmihova
            Jul 29 '15 at 10:19










          • If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
            – Kalle
            Jul 29 '15 at 10:21

















          up vote
          0
          down vote













          Here's a simple sample script for you to try. It will search for user's aliases from the common /etc/aliases -file.



          #!/bin/bash
          #
          # Arguments:
          # $1 = user name to be searched for
          # $2 = location for e-mail log file
          #
          # First, let's create a temporary working directory.
          WORKDIR=$(mktemp -d)
          cd ${WORKDIR}
          #
          # Create a file for user's user name and all aliases.
          echo "to=<"$1 > search_key.txt
          #
          # Then, let's find out possible alises for the user.
          # Awk is used just to separate the first column.
          grep $1 /etc/aliases | awk 'BEGIN { FS=":" }; {print "to=<" $1}' >> search_key.txt
          #
          # Next, search for e-mails sent for all these.
          grep -f search_key.txt $2
          #
          # Finally, remove the working directory.
          rm -rf ${WORKDIR}
          #
          # All done.





          share|improve this answer





















          • Thank you for your answer, but this is a fixed assignment, it must be done with grep.
            – pmihova
            Jul 29 '15 at 10:19










          • If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
            – Kalle
            Jul 29 '15 at 10:21















          up vote
          0
          down vote










          up vote
          0
          down vote









          Here's a simple sample script for you to try. It will search for user's aliases from the common /etc/aliases -file.



          #!/bin/bash
          #
          # Arguments:
          # $1 = user name to be searched for
          # $2 = location for e-mail log file
          #
          # First, let's create a temporary working directory.
          WORKDIR=$(mktemp -d)
          cd ${WORKDIR}
          #
          # Create a file for user's user name and all aliases.
          echo "to=<"$1 > search_key.txt
          #
          # Then, let's find out possible alises for the user.
          # Awk is used just to separate the first column.
          grep $1 /etc/aliases | awk 'BEGIN { FS=":" }; {print "to=<" $1}' >> search_key.txt
          #
          # Next, search for e-mails sent for all these.
          grep -f search_key.txt $2
          #
          # Finally, remove the working directory.
          rm -rf ${WORKDIR}
          #
          # All done.





          share|improve this answer












          Here's a simple sample script for you to try. It will search for user's aliases from the common /etc/aliases -file.



          #!/bin/bash
          #
          # Arguments:
          # $1 = user name to be searched for
          # $2 = location for e-mail log file
          #
          # First, let's create a temporary working directory.
          WORKDIR=$(mktemp -d)
          cd ${WORKDIR}
          #
          # Create a file for user's user name and all aliases.
          echo "to=<"$1 > search_key.txt
          #
          # Then, let's find out possible alises for the user.
          # Awk is used just to separate the first column.
          grep $1 /etc/aliases | awk 'BEGIN { FS=":" }; {print "to=<" $1}' >> search_key.txt
          #
          # Next, search for e-mails sent for all these.
          grep -f search_key.txt $2
          #
          # Finally, remove the working directory.
          rm -rf ${WORKDIR}
          #
          # All done.






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jul 29 '15 at 10:16









          Kalle

          3116




          3116












          • Thank you for your answer, but this is a fixed assignment, it must be done with grep.
            – pmihova
            Jul 29 '15 at 10:19










          • If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
            – Kalle
            Jul 29 '15 at 10:21




















          • Thank you for your answer, but this is a fixed assignment, it must be done with grep.
            – pmihova
            Jul 29 '15 at 10:19










          • If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
            – Kalle
            Jul 29 '15 at 10:21


















          Thank you for your answer, but this is a fixed assignment, it must be done with grep.
          – pmihova
          Jul 29 '15 at 10:19




          Thank you for your answer, but this is a fixed assignment, it must be done with grep.
          – pmihova
          Jul 29 '15 at 10:19












          If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
          – Kalle
          Jul 29 '15 at 10:21






          If you can use only grep, then it is a bit difficult for you, in case you need to search for aliases also. But for the first question, just searching for "to=<username" should be sufficient, i.e. grep "to=<johndoe" /var/log/mail.log
          – Kalle
          Jul 29 '15 at 10:21




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f218986%2fgrep-var-log-maillog-for-email-to-a-certain-user-based-only-on-his-linux-usern%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Accessing regular linux commands in Huawei's Dopra Linux

          Can't connect RFCOMM socket: Host is down

          Kernel panic - not syncing: Fatal Exception in Interrupt