Скрипт для поиска в логах на релее postfix исходящих/входящих сообщений, включая архивы

cat mail_check_from_to.sh

#!/bin/bash
p=`pwd`
echo "1 - искать по входящим"
echo "2 - искать по исходящим"
echo "3 - искать с указанием входящего и исходящего"
echo ""
echo "4 - искать по входящим во всех архивах"
echo "5 - искать по исходящим во всех архивах"
echo "6 - искать с указанием входящего и исходящего во всех архивах.  Отрабатывает долго, минуты 2-3"
echo ""
read first_otver
log_not_archive=`ls /var/log/maillog* | grep -v gz | grep -v maillog$`


function vhod {
for i in `cat /var/log/maillog | grep -i from | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i /var/log/maillog && echo "------"; done
echo ""
echo "______________________________________________________________________________________"
echo "теперь посмотрим в логе: $log_not_archive"
echo ""
echo "______________________________________________________________________________________"
for i in `cat $log_not_archive | grep -i from | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i $log_not_archive && echo "------"; done
}

function ishod {
for i in `cat /var/log/maillog | grep -i to | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i /var/log/maillog && echo "------"; done
echo ""
echo "______________________________________________________________________________________"
echo "теперь посмотрим в логе: $log_not_archive"
echo ""
echo "______________________________________________________________________________________"
for i in `cat $log_not_archive | grep -i to | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i $log_not_archive && echo "------"; done
}

function ishod_vhod {
for i in `cat /var/log/maillog | grep -i from | grep $domen_ishod | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i /var/log/maillog | grep $domen_vhod | awk '{print $6}'; done > $p/ind
for i in `cat $p/ind`; do grep $i /var/log/maillog && echo "------"; done
rm -rf $p/ind
echo ""
echo "______________________________________________________________________________________"
echo "теперь посмотрим в логе: $log_not_archive"
echo ""
echo "______________________________________________________________________________________"
for i in `cat $log_not_archive | grep -i from | grep $domen_ishod | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i $log_not_archive | grep $domen_vhod | awk '{print $6}'; done > $p/ind
for i in `cat $p/ind`; do grep $i $log_not_archive && echo "------"; done
rm -rf $p/ind
}




function vhod_in_arh {
for i in `zcat /var/log/maillog*.gz | grep -i from | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do zcat /var/log/maillog*.gz | grep $i && echo "------"; done
}

function ishod_in_arh {
for i in `zcat /var/log/maillog*.gz | grep -i to   | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do zcat /var/log/maillog*.gz | grep $i && echo "------"; done
}

function ishod_vhod_in_arh {
for i in `zcat /var/log/maillog*.gz | grep -i from | grep $domen_ishod | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do zcat /var/log/maillog*.gz |grep $i | grep $domen_vhod | awk '{print $6}'; done > $p/ind
for i in `cat $p/ind`; do zcat /var/log/maillog*.gz |grep $i && echo "------"; done
rm -rf $p/ind
}




case $first_otver in
        1)
        echo "укажите email входящий"
        read domen
        vhod
        echo ""
        ;;
        2)
        echo "укажите email исходящий"
        read domen
        ishod
        echo ""
        ;;
        3)
        echo "укажите email отправитель"
        read domen_ishod
        echo "укажите email получатель"
        read domen_vhod
        ishod_vhod
        echo ""
        ;;
        4)
        echo "укажите email входящий"
        read domen
        vhod_in_arh
        echo ""
        ;;
        5)
        echo "укажите email исходящий"
        read domen
        ishod_in_arh
        echo ""
        ;;
        6)
        echo "укажите email отправитель"
        read domen_ishod
        echo "укажите email получатель"
        read domen_vhod
        ishod_vhod_in_arh
        echo ""
        ;;
esac

100

101

102

103

104

105

106

107

108

109

110

111

#!/bin/bash

p=`pwd`

echo "1 - искать по входящим"

echo "2 - искать по исходящим"

echo "3 - искать с указанием входящего и исходящего"

echo ""

echo "4 - искать по входящим во всех архивах"

echo "5 - искать по исходящим во всех архивах"

echo "6 - искать с указанием входящего и исходящего во всех архивах. Отрабатывает долго, минуты 2-3"

echo ""

read first_otver

log_not_archive=`ls /var/log/maillog* | grep -v gz | grep -v maillog$`

function vhod {

for i in `cat /var/log/maillog | grep -i from | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i /var/log/maillog && echo "------"; done

echo ""

echo "______________________________________________________________________________________"

echo "теперь посмотрим в логе: $log_not_archive"

echo ""

echo "______________________________________________________________________________________"

for i in `cat $log_not_archive | grep -i from | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i $log_not_archive && echo "------"; done

}

function ishod {

for i in `cat /var/log/maillog | grep -i to | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i /var/log/maillog && echo "------"; done

echo ""

echo "______________________________________________________________________________________"

echo "теперь посмотрим в логе: $log_not_archive"

echo ""

echo "______________________________________________________________________________________"

for i in `cat $log_not_archive | grep -i to | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i $log_not_archive && echo "------"; done

}

function ishod_vhod {

for i in `cat /var/log/maillog | grep -i from | grep $domen_ishod | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i /var/log/maillog | grep $domen_vhod | awk '{print $6}'; done > $p/ind

for i in `cat $p/ind`; do grep $i /var/log/maillog && echo "------"; done

rm -rf $p/ind

echo ""

echo "______________________________________________________________________________________"

echo "теперь посмотрим в логе: $log_not_archive"

echo ""

echo "______________________________________________________________________________________"

for i in `cat $log_not_archive | grep -i from | grep $domen_ishod | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do grep $i $log_not_archive | grep $domen_vhod | awk '{print $6}'; done > $p/ind

for i in `cat $p/ind`; do grep $i $log_not_archive && echo "------"; done

rm -rf $p/ind

}

function vhod_in_arh {

for i in `zcat /var/log/maillog*.gz | grep -i from | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do zcat /var/log/maillog*.gz | grep $i && echo "------"; done

}

function ishod_in_arh {

for i in `zcat /var/log/maillog*.gz | grep -i to | grep $domen | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do zcat /var/log/maillog*.gz | grep $i && echo "------"; done

}

function ishod_vhod_in_arh {

for i in `zcat /var/log/maillog*.gz | grep -i from | grep $domen_ishod | awk '{print $6}' | grep -vEi 'Anonymous|connect|disconnect|setting|setting|Untrusted'`; do zcat /var/log/maillog*.gz |grep $i | grep $domen_vhod | awk '{print $6}'; done > $p/ind

for i in `cat $p/ind`; do zcat /var/log/maillog*.gz |grep $i && echo "------"; done

rm -rf $p/ind

}

case $first_otver in

echo "укажите email входящий"

read domen

vhod

echo ""

;;

echo "укажите email исходящий"

read domen

ishod

echo ""

;;

echo "укажите email отправитель"

read domen_ishod

echo "укажите email получатель"

read domen_vhod

ishod_vhod

echo ""

;;

echo "укажите email входящий"

read domen

vhod_in_arh

echo ""

;;

echo "укажите email исходящий"

read domen

ishod_in_arh

echo ""

;;

echo "укажите email отправитель"

read domen_ishod

echo "укажите email получатель"

read domen_vhod

ishod_vhod_in_arh

echo ""

;;

esac

Пн	Вт	Ср	Чт	Пт	Сб	Вс
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Centos

Скрипт для поиска в логах на релее postfix исходящих/входящих сообщений, включая архивы

https://github.com/midnight47/