Date: Sat, 13 Jun 2015 02:36:31 +0200
From: Polytropon
To: "Lt. Commander"
Cc: "freebsd-questions@freebsd.org", "sageame@sageweb.net"
Subject: Re: Script question
Message-Id: <20150613023631.db821f0c.freebsd@edvax.de>

On Fri, 12 Jun 2015 18:53:25 -0500, Lt. Commander wrote:
> Am running fbsd-9.3 and sendmail-8.15 plus spamassassin.
>
> I would like to be able to scan the daily maillog with a script
> at midnight to extract a list by selecting spam recognized and
> contained using the constant "score=(greater than x) and from
> that a list of just the IPs which will be placed in a spam file
> as part of a spam system here. Am tired of some getting past
> spamass even though it exceeds a reasonable tag level.

What you're describing here sounds like the typical functionality
of a spam filter. None of the present solutions fits your needs?

> I do know how to extract just the IP from a line in the log,
> but not sure what the syntax should be to first ID the "score=
> in a simple sh shell script.

If you can provide an anonymized example from such a log line,
you might get a direct suggestion. At this point, if you have
to use sh tools (sh, sed, awk, cut, grep et al.), you can probably
do this the easiest using awk, with a pattern that matches the
spam score criteria, and then trim the line down to the information
(here: IP) you need. Surely you can also do this with a
"grep | sed | cut pipeline", but awk can probably do this alone.

Anyway, also consider perl which is "the typical tool" for the
task of "log distillation". :-)

> I hope this has been presented clear enough to gather some help
> on this task.

It is. An example of your input and desired output would have
been nice. :-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
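
The awk approach suggested in the reply, as an added example that is not part of the original message. The thread shows no sample log line, so the layout is an assumption: sendmail-style lines where field 6 is the queue ID, the "from=" line carries `relay=host [IP]`, and a later line with the same queue ID carries `score=N`. The names `spam_ips` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed log layout: sendmail syslog lines where field 6 is
# the queue ID, the "from=" line ends in relay=host [IP], and a later line
# with the same queue ID carries "score=N".

# spam_ips THRESHOLD [LOGFILE...]: print each relay IP once if a message it
# sent scored above THRESHOLD. Reads stdin when no file is given.
spam_ips() {
    threshold=$1; shift
    awk -v min="$threshold" '
    # Only "from=" lines name the sending relay; "to=" lines also contain
    # relay= but describe the delivery side, so they are ignored here.
    / from=/ && / relay=/ {
        if (match($0, /relay=[^,]*\[(IPv6:)?[0-9A-Fa-f:.]+\]/)) {
            r = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", r); sub(/\]$/, "", r); sub(/^IPv6:/, "", r)
            ip[$6] = r                      # queue ID -> relay address
        }
        next
    }
    # Require a non-word character before "score=" so that a field such as
    # required_score= is not mistaken for the message score.
    match($0, /[^A-Za-z_]score=-?[0-9]+(\.[0-9]+)?/) {
        score = substr($0, RSTART + 7, RLENGTH - 7) + 0
        if (score > min && ($6 in ip) && !seen[ip[$6]]++)
            print ip[$6]
    }' "$@"
}

# Constructed sample log (documentation addresses), not real traffic.
sample_log() {
    cat <<'EOF'
Jun 12 23:10:01 mail sm-mta[1201]: t5D4A1aa001201: from=<a@example.net>, size=2310, nrcpts=1, relay=host1.example.net [192.0.2.10]
Jun 12 23:10:02 mail sm-mta[1201]: t5D4A1aa001201: Milter add: header: X-Spam-Status: Yes, score=15.2 required=5.0
Jun 12 23:11:40 mail sm-mta[1207]: t5D4BeJk001207: from=<b@example.org>, size=901, nrcpts=1, relay=[198.51.100.4]
Jun 12 23:11:41 mail sm-mta[1207]: t5D4BeJk001207: Milter add: header: X-Spam-Status: No, score=-1.9 required=5.0
Jun 12 23:15:09 mail sm-mta[1213]: t5D4F9Qx001213: from=<c@example.com>, size=4400, nrcpts=2, relay=mx.example.com [203.0.113.7] (may be forged)
Jun 12 23:15:10 mail sm-mta[1213]: t5D4F9Qx001213: Milter add: header: X-Spam-Status: Yes, score=8.5 required=5.0
Jun 12 23:20:30 mail sm-mta[1220]: t5D4KUzz001220: from=<d@example.net>, size=1800, nrcpts=1, relay=host1.example.net [192.0.2.10]
Jun 12 23:20:31 mail sm-mta[1220]: t5D4KUzz001220: Milter add: header: X-Spam-Status: Yes, score=22.0 required=5.0
EOF
}

sample_log | spam_ips 8    # demo run on the constructed sample
```

Against a real log, pass the file instead of the sample, for example `spam_ips 8 /var/log/maillog`, after adjusting the field number and patterns to the actual line format.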