Two-Find-And-Format Logfile Summary Tool

Trying to find some abuse of our email system we wanted to get a quick list with date, time, sender and recipient of mail to internet.

In the GWIA log-files this information is on separate lines. And if you get information of multiple days, you also need part of the filename.

So I wrote this (configurable) tool. It uses a tfaf.ini file (example in the ZIP file) and commandline parameters.

To get information of all your GWIA logfiles, you can use:

for %I in (????GWIA.*) do TFAF /sf=%I /rf=result.txt

Information on use of the program is given by starting the program without parameters.

Questions, suggestions, wishes: tfaf@switact.nl

Labels: How To-Best Practice

Comment by Anonymous:
  • This program doesn't take into account how the GWIA processes multiple messages concurrently. An incoming message and an outgoing message could be logged before all the recipients are listed for the incoming message.

    This program simply takes the recipients and applies them to the last sender from a GWIA log. There is a MSG number that keeps the records tied together. This program ignores it.

    For example (bolded records belong together):
    GWIA LOG - Stripped down
    08:00:00 040 MSG 100001 Sender: Smith@YourDomain.com
    08:00:00 040 MSG 100001 Recipient: Someone@OtherDomain.com
    08:00:00 03C MSG 100002 Processing inbound message:
    08:00:00 03C MSG 100002 Sender: news@newssource.com
    08:00:00 03C MSG 100002 Recipient: Jones@YourDomain.com
    08:00:00 040 MSG 100001 Recipient: Sometwo@OtherDomain.com
    08:00:00 03C MSG 100002 Queuing to MTA

    This program will incorrectly show that news@newssource.com sent a message to Sometwo@OtherDomain.com, both of which are outside YourDomain.com
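As an added example (not the TFAF tool's own code), here is a small Python parser that keys each Recipient line to its Sender by MSG number, as the comment above recommends, placed beside the last-sender pairing it criticises, and run over the stripped-down log quoted above. The four-character date prefix taken from the log filename (the ???? in the post's glob) and the "mail to internet" filter by local domain are assumptions drawn from the original post's description.

```python
import re

# Constructed sample: the stripped-down GWIA log quoted in the comment above.
SAMPLE_LOG = """\
08:00:00 040 MSG 100001 Sender: Smith@YourDomain.com
08:00:00 040 MSG 100001 Recipient: Someone@OtherDomain.com
08:00:00 03C MSG 100002 Processing inbound message:
08:00:00 03C MSG 100002 Sender: news@newssource.com
08:00:00 03C MSG 100002 Recipient: Jones@YourDomain.com
08:00:00 040 MSG 100001 Recipient: Sometwo@OtherDomain.com
08:00:00 03C MSG 100002 Queuing to MTA
"""

# Only Sender/Recipient lines carry addresses; time and MSG number are captured too.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) \S+ MSG (?P<msg>\d+) "
    r"(?P<field>Sender|Recipient): (?P<addr>\S+)$"
)


def pair_by_last_sender(log_text):
    """The flawed approach the comment describes: attach each Recipient
    to whatever Sender line was seen most recently, ignoring MSG numbers."""
    pairs, sender = [], None
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        if m["field"] == "Sender":
            sender = m["addr"]
        elif sender is not None:
            pairs.append((m["time"], sender, m["addr"]))
    return pairs


def pair_by_msg_id(log_text):
    """Correct approach: remember the Sender per MSG number, so interleaved
    records from different GWIA threads cannot be cross-wired."""
    senders, pairs = {}, []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        if m["field"] == "Sender":
            senders[m["msg"]] = m["addr"]
        else:  # a Recipient with no Sender line yet is flagged, not guessed
            pairs.append((m["time"], senders.get(m["msg"], "<no sender>"), m["addr"]))
    return pairs


def outbound_summary(log_name, log_text, local_domain):
    """Date, time, sender, recipient of mail leaving local_domain. The date is
    the leading four characters of the log name (assumption: the ???? in the glob)."""
    date = log_name[:4]
    return [(date, t, s, r) for t, s, r in pair_by_msg_id(log_text)
            if not r.lower().endswith("@" + local_domain.lower())]
```

On the sample, pair_by_last_sender reports news@newssource.com sending to Sometwo@OtherDomain.com, while pair_by_msg_id attributes that recipient to Smith@YourDomain.com.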