2007-01-05

Quick and dirty regexen search for spamd & postfix logs


#!/usr/bin/env python
#-------------------------------------------------------------
# Name: finder.py
# Purpose: This is a script to search through Postfix
# and spamd logs for the last x days and return
# hits. Mostly it is a quick and dirty way to
# find entries regarding emails blocked by
# spamd/postfix
# Author: Reed L. O'Brien reed at reedobrien com
#
# Created: 2007-01-05
# Modified: 2007-01-05
# Copyright: (c) Reed L. O'Brien 2007
# License: DWYWWI (improvements welcome)
#--------------------------------------------------------------


#Do the imports
import os, re, bz2, sys, time

# make sure there is a regex
try:
# compile the regex
regx = re.compile(sys.argv[1], re.IGNORECASE)
except IndexError:
print """
usage:
finder [days back to search]

ex: finder foobar 2
will find all occurences of 'foobar' in the last 2
days of spamd and maillog files.\n\tThe number of days
is optional and defaults to 1 if not given."""
sys.exit(0)

# empty list to store hits in
found = []

# move to the log directory
os.chdir('/var/log')
# Start a counter for the number counted
s = 0

#get and set days
try:
days = int(sys.argv[2])
except:
days = 1
# Get a list of qualifying files NOTE: you may need stat(x).[st_ctime|st_mtime] depending on your OS
L = [f for f in os.listdir('.')
if os.stat(f).st_birthtime > time.time() - (days * 86400)
and (f.startswith('spamd') or f.startswith('maillog'))]
# get a count of how many files to search
n = len(L)

# start a loop on the list
for f in L:
# If it is a bz2 open it as a bz2 object
if (f.startswith('spamd') or f.startswith('maillog')) and f.endswith('2'):
# tell em what is happening
sys.stdout.write("\rsearching: %2s remain %s " % (f,n))
sys.stdout.flush()
# set a line count
c = 1
# get a handle on the file
handle = bz2.BZ2File(f)
# iterate through the lines
for line in handle:
# if the regex is found
if regx.search(line):
# append the filename, line count and line content to the found list

found.append("%-10s : %s\n%s" % (c, f, line))
# increment the line count
c += 1
else:
# or just increment the count if no regex match
c += 1
# decrement the number of files remaining
n -= 1
# increment the number of files searched
s += 1

## DO the same as above as a regular file object if not a bz2 file SEE NOTES FOR last loop
if (f.startswith('spamd') or f.startswith('maillog')) and not f.endswith('2'):
sys.stdout.write("\rsearching: %2s remain %s " % (f,n))
sys.stdout.flush()
c = 1
handle = open(f)
for line in handle:
if regx.search(line):
found.append("%-10s : %s\n%s" % (c, f, line))
c += 1
else:
c += 1
n -= 1
s += 1
##make some space to overwrite the sys.stdout text
print '\n\n\n\n\n'
print 'Searched:', s # Print how many files were searched

#print the results from the found list.
for x in found:
print x
