Member Avatar for jjamd64

I have an email log that needs some parsing. Can anyone help me to use sed or awk to parse this log and return only the domain names, listing them only once and ignoring case?

Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@cimasys.net
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@cimasys.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@design.com
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@design.com, ip=[::ffff:192.168.1.1]
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@cimasys.net
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@cimasys.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@altaven.net
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:10 host53a pop3d: LOGIN, user=user@altaven.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=AUTH
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@seniorben.com
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:10 host53a pop3d: LOGIN, user=user@seniorben.com, ip=[::ffff:192.168.1.1]
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=AUTH
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@seniorben.com
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw

desired output:
design.com
cimasys.net
altaven.net
seniorben.com

  • 3 Contributors
  • 2 Replies
  • 80 Views
  • 21 Hours Discussion Span
  • Latest Post Latest Post by radoulov

Recommended Answers

All 2 Replies

Member Avatar for eggi

Hey There,

Probably this would do the trick - not elegant but should work:

#!/bin/ksh

while read line
do
        awk -F"@" '{if ( $0 ~ /@/ ) print $2}'|awk -F"," '{print $1}' >>file.tmp
done < INPUTFILE
sort -u file.tmp >>output
rm file.tmp

Best wishes :)

,Mike

Member Avatar for radoulov 
awk 'NF>1&&!x[$2]++{print $2}' FS="username=[^@]*@" logfile

Use nawk or /usr/xpg4/bin/awk on Solaris.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.