I am trying to extract conversations from a Postfix log file based on the client that initiated them. This is the awk script that extracts the matching message IDs:
awk '/client.host.name/ && !(/timeout/||/disconnect/) { sub(":","",$6);print $6}' maillog
This is using a standard Postfix maillog as input (see below for sample data). What I think I'd like to do is a multi-pass search of the file using the results of the first search, but I'm not sure if this is the right approach. Something similar to:
awk '/client.host.name/ && !(/timeout/||/disconnect/) {sub(":","",$6);msgid=$6} $0 ~ msgid {print $0}' maillog
But, naturally, this doesn't work as expected. I'm assuming I need to do one of the following things:
- Pipe the output from the first awk into a second awk or grep (not sure how to use piped input as a regex).
- Assign the first result set to an array and use the array as a search set. Something like:
awk '/app02/ && !(/timeout/ || /connect/) { sub(":","",$6);msgid[$6]=$6; } END { for(x in msgid) { print x; } }' maillog
I'm not sure how I'd proceed inside the for loop though. Is there a way in awk to "rewind" the file and then grab all lines that match any element within an array?
- Scrap the whole deal and try it using Perl.
So, for the awk gurus... is there any way to accomplish what I'm looking for using awk?
Sample data:
Jul 19 05:07:57 relay postfix/smtpd[5462]: C48F6CE83FA: client=client.dom.lcl[1.2.3.4]
Jul 19 05:07:57 relay postfix/cleanup[54]: C48F6CE83FA: message-id=<[email protected]>
Jul 19 05:07:57 relay postfix/qmgr[12345]: C48F6CE83FA: from=, size=69261, nrcpt=6 (queue active)
Jul 19 05:08:04 relay postfix/smtp[54205]: C48F6CE83FA: to=, relay=in.example.org[12.23.34.5]:25, delay=0.7, delays=0.05/0/0.13/0.51, dsn=2.0.0, status=sent (250 ok: Message 200012345 accepted)
Jul 19 05:14:08 relay postfix/qmgr[12345]: C48F6CE83FA: removed
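
One way to get the "rewind" asked about above, as an added example that is not part of the original post: naming the log file twice on the awk command line makes awk read it in two passes, collecting queue IDs on the first and printing matching lines on the second. The function names and the sample log lines are constructed for this example, and the field positions assume the syslog layout shown in the sample data.

```shell
#!/bin/sh
# extract_conversations HOST LOGFILE   (hypothetical helper name)
# Prints every log line belonging to a message submitted by HOST.
extract_conversations() {
    awk -v host="$1" '
        # Pass 1: NR == FNR is true only while the first copy is being read.
        # Collect queue IDs from smtpd "client=" lines; index() compares the
        # host literally, so its dots are not regex wildcards, and the "["
        # stops client.dom from matching client.dom.lcl.
        NR == FNR {
            if ($5 ~ /^postfix\/smtpd\[/ && index($7, "client=" host "[") == 1) {
                id = $6; sub(/:$/, "", id); ids[id] = 1
            }
            next
        }
        # Pass 2: print lines whose queue ID field was collected in pass 1.
        # connect/disconnect/timeout lines carry no queue ID in $6 and drop out.
        { id = $6; sub(/:$/, "", id) }
        id in ids
    ' "$2" "$2"
}

# Constructed sample log: one message from client.dom.lcl, one from another host.
write_sample_log() {
    cat > "$1" <<'EOF'
Jul 19 05:07:57 relay postfix/smtpd[5462]: connect from client.dom.lcl[1.2.3.4]
Jul 19 05:07:57 relay postfix/smtpd[5462]: C48F6CE83FA: client=client.dom.lcl[1.2.3.4]
Jul 19 05:07:57 relay postfix/cleanup[54]: C48F6CE83FA: message-id=<a1@client.dom.lcl>
Jul 19 05:07:58 relay postfix/smtpd[5470]: D11A2BC94E1: client=other.dom.lcl[1.2.3.9]
Jul 19 05:07:58 relay postfix/smtpd[5462]: disconnect from client.dom.lcl[1.2.3.4]
Jul 19 05:07:58 relay postfix/qmgr[12345]: C48F6CE83FA: from=<a@client.dom.lcl>, size=69261, nrcpt=1 (queue active)
Jul 19 05:07:59 relay postfix/qmgr[12345]: D11A2BC94E1: from=<b@other.dom.lcl>, size=512, nrcpt=1 (queue active)
Jul 19 05:08:04 relay postfix/smtp[54205]: C48F6CE83FA: to=<x@example.org>, relay=in.example.org[12.23.34.5]:25, dsn=2.0.0, status=sent (250 ok)
Jul 19 05:08:05 relay postfix/smtp[54206]: D11A2BC94E1: to=<y@example.org>, relay=in.example.org[12.23.34.5]:25, dsn=2.0.0, status=sent (250 ok)
Jul 19 05:14:08 relay postfix/qmgr[12345]: C48F6CE83FA: removed
EOF
}

log=$(mktemp)
write_sample_log "$log"
extract_conversations client.dom.lcl "$log"
rm -f "$log"
```

The log must be a regular file, since it is read twice. Short Postfix queue IDs can be reused after a message is removed, so over a long log a collected ID may also match a later, unrelated message.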