Exigrep patch to allow it to handle syslog files.
[exim.git] / src / src / exigrep.src
CommitLineData
059ec3d9 1#! PERL_COMMAND -w
395ff96d 2# $Cambridge: exim/src/src/exigrep.src,v 1.3 2005/08/01 13:28:30 ph10 Exp $
059ec3d9
PH
3
4use strict;
5
6# Copyright (c) 2004 University of Cambridge.
7# See the file NOTICE for conditions of use and distribution.
8
9# Except when they appear in comments, the following placeholders in this
10# source are replaced when it is turned into a runnable script:
11#
12# PERL_COMMAND
13# ZCAT_COMMAND
14# COMPRESS_SUFFIX
15
16# PROCESSED_FLAG
17
18# This is a perl script which extracts from an Exim log all entries
19# for all messages that have an entry that matches a given pattern.
20# If *any* entry for a particular message matches the pattern, *all*
21# entries for that message are displayed.
22
23# We buffer up information on a per-message basis. It is done this way rather
24# than reading the input twice so that the input can be a pipe.
25
26# There must be one argument, which is the pattern. Subsequent arguments
27# are the files to scan; if none, the standard input is read. If any file
28# appears to be compressed, it is passed through zcat. We can't just do this
29# for all files, because zcat chokes on non-compressed files.
30
31use Getopt::Std qw(getopts);
32use POSIX qw(mktime);
33
34
35# This subroutine converts a time/date string from an Exim log line into
36# the number of seconds since the epoch. It handles optional timezone
37# information.
38
39sub seconds {
40my($year,$month,$day,$hour,$min,$sec,$tzs,$tzh,$tzm) =
41 $_[0] =~ /^(\d{4})-(\d\d)-(\d\d)\s(\d\d):(\d\d):(\d\d)(?>\s([+-])(\d\d)(\d\d))?/;
42
43my $seconds = mktime $sec, $min, $hour, $day, $month - 1, $year - 1900;
44
45if (defined $tzs)
46 {
47 $seconds -= $tzh * 3600 + $tzm * 60 if $tzs eq "+";
48 $seconds += $tzh * 3600 + $tzm * 60 if $tzs eq "-";
49 }
50
51return $seconds;
52}
53
54
55# This subroutine processes a single line (in $_) from a log file. Program
56# defensively against short lines finding their way into the log.
57
58my (%saved, %id_list, $pattern, $queue_time);
59
60sub do_line {
395ff96d
PH
61
62# Convert syslog lines to mainlog format, as in eximstats.
63
64if (! /^\\d{4}/) { $_ =~ s/^.*? exim\b.*?: //; }
65
059ec3d9
PH
66return unless
67 my($date,$entry) = /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?:[+-]\d{4} )?)(.*)/;
68
69# Handle the case when the log line belongs to a specific message. We save
70# lines for specific messages until the message is complete. Then either print
71# discard.
72
73if (my($id) = $entry =~ /^(\w{6}\-\w{6}\-\w{2})/)
74 {
75 $saved{$id} = '' unless defined($saved{$id});
76
77 # Save up the data for this message in case it becomes interesting later.
78
79 $saved{$id} .= $_;
80
81 # Are we interested in this id ?
82
83 $id_list{$id} = 1 if /$pattern/io;
84
85 # See if this is a completion for some message. If it is interesting,
86 # print it, but in any event, throw away what was saved.
87
88 if ($entry =~
55ee9ee3 89 /(?:Completed|rejected (?:by local_scan|by non-SMTP ACL|after DATA))/)
059ec3d9
PH
90 {
91 if ($saved{$id} =~ /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ([+-]\d{4} )?)(\w{6}\-\w{6}\-\w{2})/)
92 {
93 my $old_sec = &seconds($1);
94 my $sec = &seconds($date);
95 delete $id_list{$id} if $id_list{$id} && $sec - $old_sec <= $queue_time;
96 }
97
98 if ($id_list{$id})
99 {
100 delete $id_list{$id};
101 print "$saved{$id}\n";
102 }
103
104 delete $saved{$id};
105 }
106 }
107
108# Handle the case where the log line does not belong to a specific message.
109# Print it if it is interesting.
110
111elsif ($entry =~ /$pattern/io) { print "$_\n"; }
112}
113
114
115# The main program. Extract the pattern and make sure any relevant characters
116# are quoted if the -l flag is given. The -t flag gives a time-on-queue value
117# which is an additional condition.
118
119getopts('lt:',\my %args);
120$queue_time = $args{'t'}? $args{'t'} : -1;
121
122die "usage: exigrep [-l] [-t <seconds>] <pattern> [<log file>]...\n"
123 if ($#ARGV < 0);
124
125$pattern = shift @ARGV;
126$pattern = quotemeta $pattern if $args{l};
127
128
129# If file arguments are given, open each one and process according as it is
130# is compressed or not.
131
132if (@ARGV)
133 {
134 foreach (@ARGV)
135 {
136 my $filename = $_;
137 if ($filename =~ /\.(?:COMPRESS_SUFFIX)$/)
138 {
139 open(LOG, "ZCAT_COMMAND $filename |") ||
140 die "Unable to zcat $filename: $!\n";
141 }
142 else
143 {
144 open(LOG, "<$filename") || die "Unable to open $filename: $!\n";
145 }
146 do_line() while (<LOG>);
147 close(LOG);
148 }
149 }
150
151# If no files are named, process STDIN only
152
153else { do_line() while (<STDIN>); }
154
155# At the end of processing all the input, print any uncompleted data
156
157for (keys %id_list) { print "+++ $_ not completed +++\n$saved{$_}\n;" }
158
159# End of exigrep