0

I have an email log that needs some parsing. Can anyone help me to use sed or awk to parse this log and return only the domain names, listing them only once and ignoring case?

Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@cimasys.net
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@cimasys.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@design.com
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@design.com, ip=[::ffff:192.168.1.1]
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@cimasys.net
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@cimasys.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@altaven.net
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:10 host53a pop3d: LOGIN, user=user@altaven.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=AUTH
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@seniorben.com
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:10 host53a pop3d: LOGIN, user=user@seniorben.com, ip=[::ffff:192.168.1.1]
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=AUTH
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@seniorben.com
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw

desired output:
design.com
cimasys.net
altaven.net
seniorben.com

3
Contributors
2
Replies
3
Views
9 Years
Discussion Span
Last Post by radoulov
0

Hey There,

Probably this would do the trick - not elegant but should work:

#!/bin/ksh

while read line
do
        awk -F"@" '{if ( $0 ~ /@/ ) print $2}'|awk -F"," '{print $1}' >>file.tmp
done < INPUTFILE
sort -u file.tmp >>output
rm file.tmp

Best wishes :)

,Mike

0
awk 'NF>1&&!x[$2]++{print $2}' FS="username=[^@]*@" logfile

Use nawk or /usr/xpg4/bin/awk on Solaris.

This article has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.