[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    [Sidewinder] Parsing Of E-mail Logs - Clarification
From:       sidewinder () adeptech ! com
Date:       2004-06-25 16:45:35
Message-ID: 200406251748.i5PHmuq09209 () aag ! adeptech ! com
[Download RAW message or body]

Both SMA and Sawmill are good for general log summaries, but does not give the detail \
I would like to see for my support people.

Our support people always get calls from a user saying that their E-mail was not \
received by the recipient or they did not get an E-mail that was supposedly sent. \
This involves finding the specific E-mail in the logs, then finding all three entries \
to show what happened to it. 99.9% of the time it went through without an issue or \
was never sent, but this information is required.

What I would like to do is take my standard sendmail log files, say for the INBOUND \
message:

INBOUND MESSAGE RAW ENTRIES:

Jun 24 10:07:49 firewall sendmail(1)[16611]: i5OF7nnq016611: from=<sender>, \
proto=SMTP, daemon=MTA, relay=server.their.domain [216.0.0.0]

Jun 24 10:07:49 firewall sendmail(2)[16615]: i5OF7nnq016611: to=<recipient>, \
delay=00:00:00, xdelay=00:00:00, mailer=smtp, pri=120279, relay=server.my.domain. \
[10.0.0.0], dsn=2.0.0, stat=Sent (OK - Data received)

Jun 24 10:07:50 firewall sendmail(1)[16614]: i5OF7nnq016611: to=<recipient>, \
delay=00:00:01, xdelay=00:00:01, mailer=mfil-12, pri=30279, relay=server.my.domain, \
dsn=2.0.0, stat=Sent


Have something parse the log and come up with something like:

     Message: i5OF7nnq016611
     Time Stamp: Jun 24 10:07:49
     Firewall: firewall
     From: sender
     Relay: server.their.domain [216.0.0.0]
     To: recipient
     Status: Sent
     DSN: 2.0.0
     Delay: 00:00:01

And be able to export that information as a line:

i5OF7nnq016611,Jun 24 10:07:49,firewall,sender,server.their.domain \
[216.0.0.0],recipient,Sent,2.0.0,00:00:01

So this line could be imported into Excel or into Access or SQL for the support \
personnel to have a database/spreadsheet to refer to. We often find that the person \
waits a week or two and with the volume of E-mail and number of logs we keep the \
entry is long gone.



The outbound messages would be something like:


OUTBOUND MESSAGE RAW ENTRIES:

Jun 24 12:14:20 firewall sendmail(2)[29246]: i5OHEKQ8029246: from=<sender>, size=938, \
class=0, nrcpts=1, msgid=<xxxxxxxx@server>, proto=ESMTP, daemon=MTA, \
relay=server.my.domain [10.0.0.0]

Jun 24 12:14:29 firewall sendmail(1)[29265]: i5OHEKQ8029246: to=<recipient>, \
delay=00:00:09, xdelay=00:00:09, mailer=esmtp, pri=120687, relay=server.their.domain. \
[204.0.0.0], dsn=2.0.0, stat=Sent (Message accepted for delivery)

Jun 24 12:14:29 firewall sendmail(2)[29263]: i5OHEKQ8029246: to=<recipient>, \
delay=00:00:09, xdelay=00:00:09, mailer=mfil-21, pri=30687, relay=server.my.domain, \
dsn=2.0.0, stat=Sent


     Message: i5OHEKQ8029246
     Time Stamp: Jun 24 10:07:49
     Firewall: firewall
     From: sender
     Size: 938
     Relay: server.my.domain [10.0.0.0]
     To: recipient
     Relay: server.their.domain. [204.0.0.0]
     Status: Sent
     DSN: 2.0.0
     Delay: 00:00:09
     Message from External Relay: Message accepted for delivery

And be able to export that information as a line:

i5OHEKQ8029246,Jun 24 10:07:49,firewall,sender,938,server.my.domain \
[10.0.0.0],recipient,server.their.domain. [204.0.0.0],Sent,2.0.0,00:00:09,Message \
accepted for delivery

Information such as this would give us the ability to see which of our internal mail \
servers are having issues, not working, working too hard. It would also allow us to \
know who are biggest senders and recipients are and the size of E-mail going through. \
Neither SMA nor Sawmill give us that level of detail, and since the logs are mixed \
together and across multiple entries a simple find/replace would not work. I have \
tried several of the programs that come up in google searches and none of them give \
me the level of detail that I require, and none of them can export the information..

If I could, I would even like to record the protocol and message ID

Hope this helps clarify what I am looking for.

Richard St. John
Graybar Electric Company



_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic