I have an email log that needs some parsing. Can anyone help me to use sed or awk to parse this log and return only the domain names, listing them only once and ignoring case?

Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@cimasys.net
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@cimasys.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@design.com
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@design.com, ip=[::ffff:192.168.1.1]
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@cimasys.net
Dec 19 14:59:09 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:09 host53a pop3d: LOGIN, user=user@cimasys.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@altaven.net
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:10 host53a pop3d: LOGIN, user=user@altaven.net, ip=[::ffff:192.168.1.1]
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=AUTH
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@seniorben.com
Dec 19 14:59:10 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw
Dec 19 14:59:10 host53a pop3d: LOGIN, user=user@seniorben.com, ip=[::ffff:192.168.1.1]
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=AUTH
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=USER
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], command=PASS
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], username=user@seniorben.com
Dec 19 14:59:11 host53a pop3d: LOGIN: DEBUG: ip=[::ffff:192.168.1.1], password=pw

desired output:
design.com
cimasys.net
altaven.net
seniorben.com

Hey There,

Probably this would do the trick - not elegant but should work:

#!/bin/ksh

while read line
do
        awk -F"@" '{if ( $0 ~ /@/ ) print $2}'|awk -F"," '{print $1}' >>file.tmp
done < INPUTFILE
sort -u file.tmp >>output
rm file.tmp

Best wishes :)

,Mike

awk 'NF>1&&!x[$2]++{print $2}' FS="username=[^@]*@" logfile

Use nawk or /usr/xpg4/bin/awk on Solaris.

This article has been dead for over six months. Start a new discussion instead.