Analyse de log en continu
Bonjour
Notre serveur de mail crache des logs tres volumineuses, je souhaite les envoyer dans un script perl mais la je seche sur la meilleure solution a utiliser.
Les information intéressantes sont présentes sur plusieurs ligne identifiables via un id
Ci dessous un exemple :
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 mod=session cmd=connect ip=23.85.98.81 country=us lip=172.192.33.12 prot=smtp:smtp routes= notroutes=internalnet,outbound,psm_client_users,spfsafe,tls perlwait=0.001
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 mod=session cmd=resolve host=mail-bw0-f221.google.com resolve=ok reverse=mail-bw0-f221.google.com routes= notroutes=firewallsafe
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=mail cmd=env_from value=emailsender@gmail.com qid=n5ntw8gq0-1 tls= routes= notroutes=SenderAdressInbound host=mail-bw0-f221.google.com ip=23.85.98.81
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=access cmd=run rule=spamsafe duration=0.000
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=session cmd=judge module=access rule=spamsafe
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=session cmd=dispose module=access rule=spamsafe action=execute value="svar('SpamScore', 0)"
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=mail cmd=env_rcpt r=1 value=emailrecipent@mydomain.co.uk verified=1 routes=default_inbound,inbound
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=mail cmd=attachment id=0 file=text.txt mime=text/plain type=txt omime=text/plain oext=txt corrupted=0 protected=0 size=61 virtual=0 a=0
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=mail cmd=attachment id=0 file=text.html mime=text/html type=html omime=text/html oext=html corrupted=0 protected=0 size=64 virtual=0 a=0
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=access cmd=run rule=spamsafe duration=0.001
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=session cmd=judge module=access rule=spamsafe
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=session cmd=dispose module=access rule=spamsafe action=execute value="svar('SpamScore', 0)"
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=av cmd=run rule=virusdefault_clean name= cleaned=0 vendor=fsecure duration=0.000
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=spam cmd=run rule=isaspam_safe policy=isaspam score=0 classifier= adjust=0 reason=safe engine=5.0.0-0908210000 definitions=main-1004150009 raw=0 tests=PP_FORCED_SCORE duration=0.000
Apr 15 09:47:04 MAILSRV m=1 x=n5ntw8gq0-1 mod=session cmd=judge module=av rule=virusdefault_clean
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=session cmd=judge module=spam rule=isaspam_safe
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 cmd=send profile=mail qid=o3F7gVAF004026 emailrecipent@mydomain.co.uk
Apr 15 09:47:04 MAILSRV rprt: s=n5ntw8gq0 m=1 x=n5ntw8gq0-1 mod=mail cmd=msg module=av rule=virusdefault_clean action=continue attachments=0 rcpts=1 routes=default_inbound,inbound size=1897 guid=d2be999d68dd942ae3812c8bbdd25e81 hdr_mid=<
Je souhaite transformer ce bloc en une ligne type :
Apr 15 09:47:04 MAILSRV cmd=env_from value=emailsender@gmail.com cmd=env_rcpt r=1 emailrecipent@mydomain.co.uk size=1897 guid=d2be999d68dd942ae3812c8bbdd25e81 qid=n5ntw8gq0-1
Le script va directement recevoir les lignes en STDIN.
Quelle logique utiliser ?
