Skip to content

Instantly share code, notes, and snippets.

@three18ti

three18ti/smartermail_parser

Created July 4, 2012 18:26
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save three18ti/3048744 to your computer and use it in GitHub Desktop.
Save three18ti/3048744 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
smartermail_parser
#!/usr/bin/perl
use 5.014;
use Tie::IxHash;
use Data::Dumper;
my $smartermail_directory = './Prime/';
my $search_string = 'jason@primelogisticsint.com';
# storage vars
my $auth_count = {};
my $date_list = {};
#foreach (<$smartermail_directory*>) {
# my ($date) = m/(\d{4}\.\d{2}\.\d{2})/;
# $date_list->{$date} = 1;
#}
$date_list->{'2012.06.18'} = 1;
foreach my $date (sort keys %$date_list) {
my $smtp_logfile = $date . '-smtpLog.log';
my $delivery_logfile = $date . '-delivery.log';
print "Begin Parsing $smtp_logfile, $delivery_logfile\n";
my $smtp_log = $smartermail_directory . $smtp_logfile;
my $delivery_log = $smartermail_directory . $delivery_logfile;
my $threads = {};
tie %$threads, 'Tie::IxHash';
# open log files
open my $SMTP_IN, '<', $smtp_log or die "can't open $smtp_log";
open my $DELIVERY_IN, '<', $delivery_log or die "cant't open $smtp_log";
my @smtp_in = <$SMTP_IN>;
my @delivery_in = <$DELIVERY_IN>;
close $SMTP_IN;
close $DELIVERY_IN;
say "Looking for Authenticated as $search_string";
my @auth_list = grep {/Authenticated as $search_string/ } @smtp_in;
say "Parsing for thread IDs";
foreach (@auth_list) {
s/\r\n//;
my ($timestamp, $ip_thread_id, $message) = split/ /;
my ($ip, $thread_id) = split/\]\[/,$ip_thread_id;
$ip =~ s/\[//;
$thread_id =~ s/\]//;
$auth_count->{$ip} += 1;
$threads->{$thread_id} = {};
}
print "Parsing for the full thread\n";
foreach my $thread_id (keys %$threads) {
# parse thread
my @thread = grep {/$thread_id/} @smtp_in;
s/\r\n// foreach @thread;
$threads->{$thread_id}->{smtp_body} = \@thread;
# parse timestamp
my ($timestamp) = split/ /,$threads->{$thread_id}->{smtp_body};
$threads->{$thread_id}->{smtp_timestamp} = $timestamp;
#parse recipients
my @recipients;
my @recipient_line = grep {/RCPT TO/} @thread;
foreach (@recipient_line) {
my ($recipient) = m/\<(.*)\>/;
push @recipients, lc $recipient;
}
$threads->{$thread_id}->{smtp_recipients} = \@recipients;
}
my $delivery_ids = {};
tie %$delivery_ids, 'Tie::IxHash';
my $delivery_threads = {};
tie %$delivery_threads, 'Tie::IxHash';
print "Dividing delivery threads into individual arrays\n";
while ( my ($thread_id, $thread) = each $threads) {
DELIVERY_SEARCH:
foreach my $line (@delivery_in) {
if ( $line =~ m/$thread->{smtp_recipients}->[0]/) {
my ($trash_time, $delivery_id) = split/ /,$line;
$delivery_id =~ s/(\[|\])//g;
my @delivery_thread = grep {/$delivery_id/} @delivery_in;
my @delivery_recip;
foreach (@delivery_thread) {
if (m/Delivery for $search_string to/) {
my ($recipient) = m/\Delivery for $search_string to (.*?) has/;
push @delivery_recip, lc $recipient;
}
}
print Dumper @delivery_recip;
my %keys;
my @smtp_recipients = @{$thread->{smtp_recipients}};
@keys{@smtp_recipients} = @smtp_recipients;
# print "Checking Recipients, thread id: $delivery_id\n";
# print "#################################################################################\n";
# print "#################################################################################\n";
# print "############### Keys \n";
# print "############### THread ID: $thread_id\n";
# print "#################################################################################\n";
# print "#################################################################################\n";
# print "Keys: ";
# print Dumper %keys;
# print "#################################################################################\n";
# print "#################################################################################\n";
# say "Delivery Recip:";
# say Dumper @delivery_recip;
# print "#################################################################################\n";
# print "#################################################################################\n";
# print "#################################################################################\n";
# say "\n\n\n";
delete @keys{@delivery_recip};
next DELIVERY_SEARCH if keys %keys;
# say "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
# say "!!!!!!!!!! MATCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
# say "$delivery_id";
# print Dumper @delivery_thread;
$thread->{delivery_log} = \@delivery_thread;
}
}
}
print "Generating Report...\n";
open my $FHOUT, '>', './reports/' . $date . '-email_report.txt';
print $FHOUT "Report for $smtp_log, $delivery_log \n";
while ( my ($thread_id, $thread) = each %$threads) {
print $FHOUT "############################################################\r\n";
print $FHOUT "## BEGIN SMTP LOG for SMTP Thread: $thread_id\r\n";
print $FHOUT "############################################################\r\n";
print $FHOUT $_ . "\n" foreach @{$thread->{smtp_body}};
# while ( my ($delivery_id, $delivery_log) = each %{$thread->{delivery}}) {
print $FHOUT "\t######################################################\r\n";
print $FHOUT "\t## BEGIN DELIVERY LOG\r\n";
print $FHOUT "\t######################################################\r\n";
print $FHOUT "\t$_" foreach @{$thread->{delivery_log}};
# }
print $FHOUT "##############################################################\r\n";
print $FHOUT "\r\n\r\n\r\n";
}
}
say "IP: $_ , Times Authenticated: $auth_count->{$_}"
foreach
sort { $auth_count->{$a} cmp $auth_count->{$b} }
keys %$auth_count;
open my $IP_REPORT, '>', './reports/' . 'ip_auth_report.txt';
print "IP: $_ , Times Authenticated: $auth_count->{$_} \r\n"
foreach
sort { $auth_count->{$a} cmp $auth_count->{$b} }
keys %$auth_count;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment