Skip to content

Instantly share code, notes, and snippets.

Forked from xtetsuji/
Created February 8, 2016 03:02
Show Gist options
  • Save ynott/ff7ae95467ea37ce0d5d to your computer and use it in GitHub Desktop.
Save ynott/ff7ae95467ea37ce0d5d to your computer and use it in GitHub Desktop.
enhancement of "pflog" for parsing maillog of postfix 2.3 or higher version.
# "pflog" enhancement for parsing maillog of postfix 2.3 or higher version.
# "pflog" see:
use strict;
use warnings;
use Time::Local;
use Getopt::Long;
#use Data::Dumper;
my %month = (qw(Jan 1 Feb 2 Mar 3 Apr 4 May 5 Jun 6 Jul 7 Aug 8 Sep 9 Oct 10 Nov 11 Dec 12));
my $SEPARATOR = q(,);
my (%queue, @found_queue);
'year|y=s' => \ my $year,
'no-header|H' => \ my $no_header,
'help' => \ my $help,
if ( $help ) {
print <<END_HELP;
$0 -y YEAR mail.log > mail.csv
if ( !defined $year || $year !~ /^\d{4}$/ ) {
die "specify -y YEAR (YEAR is 4 letter digits, e.g. 2011).\n";
my $re_date = qr/[A-Z][a-z][a-z] ?\d+ \d{2}:\d{2}:\d{2}/;
my $re_host = qr/\S+/;
#my $re_following_capture = qr/\s*\(([^()]+)\)/;
my $re_line = qr{^($re_date) ($re_host) postfix/(\w+)\[\d+\]: (\w+):\s*(.*)};
while (<>) {
my ($date, $host, $service, $queue_id, $following) = /$re_line/
or next;
if ( !exists $queue{$queue_id} ) {
$queue{$queue_id} = {};
# queue_id は見つかった順番に記録される
# queue_id is recorded order by found.
push @found_queue, $queue_id;
my $q = $queue{$queue_id};
my ($information) = $following =~ /\s*\((.+)\)$/
and $following =~ s/\s\(.+\)$//;
my %param;
if ( $following =~ /=/ ) {
my @param = map { split /=/, $_, 2 } split /,\s*/, $following;
if ( @param % 2 == 0 ) {
%param = @param;
else {
warn "found odd number of key/value pair.";
# %param 手直し
# %param modification.
if ( exists $param{client} && defined $param{client} ) {
my ($hostname, $ipaddr) = $param{client} =~ /^(.+?)\[([0-9.]+)\]/;
$param{client_hostname} = $hostname;
$param{client_ipaddr} = $ipaddr;
if ( $information && $param{status} ) {
$param{information} = $information;
for my $key ( qw(from to) ) {
if ( defined $param{$key} && $param{$key} =~ /^<(.*)>$/ ) {
$param{$key} = $1;
# 今回の行で取得することができた情報を追加
# Addition of information that be got current line.
for my $key (keys %param) {
my $value = $param{$key};
if ( !exists $q->{$key} ) {
# 新規採用 / newly
$q->{$key} = $value;
elsif ( !ref $q->{$key} ) { # 文字列 / string
# 配列リファレンスにして追加 / Addition as array reference
$q->{$key} = [$q->{$key}, $value];
elsif ( ref $q->{$key} eq 'ARRAY' ) {
# 配列リファレンスに push / push to array reference
push @{$q->{$key}}, $value;
else {
die "unknown situation."; # 想定外 / non-supposition
# 12/31 -> 01/01 などの流れの場合の年の調整
# Adjustoment flow of year on 12/31 -> 01/01
and $year++;
# Add _meta
my $meta_q = $q->{_meta} ||= {};
if ( !defined $meta_q->{host} ) {
$meta_q->{host} = $host;
if ( $param{client} || $param{uid} ) {
$meta_q->{start_date} = date_format($date);
if ( $param{status} && $param{status} eq 'sent' ) {
$meta_q->{end_date} = date_format($date);
#print Dumper(\%queue);
# ### DEBUG:
# my @list = map { [$_ => $queue{$_}] } @found_queue;
# print Dumper(@list);
# exit;
# ヘッダ出力
# Header output
if ( !$no_header && @found_queue ) {
# 内容行 (@found_queue) が見つからなかったら
# ヘッダ行も出力しないとした
# 内容がなければファイルサイズが 0 のほうが
# パッと見てわかりやすいからという意図
# If content row is not found, we do not output header line too.
# It is cleary that
printf "%s\n", join $SEPARATOR, map { s/^\s+//; qq("$_") } split /\n/, <<END_LIST;
queue id
arrived time
processed time
smtp client hostname / uid
smtp client IP address / username
envelope from
envelope to
relay to
delay time
information (reason of defered, local mailbox name, successful message...)
### pflog compatible output
for my $queue_id (@found_queue) {
my $q = $queue{$queue_id}; # 'HASH'
my @row = ($queue_id,
@{$q->{_meta}}{qw(start_date end_date)},
@$q{qw(client_hostname client_ipaddr from to message-id status relay delay size information)});
for ( grep { ref $_ eq 'ARRAY' } @row ) {
$_ = join $SEPARATOR, @$_;
for (@row) {
$_ = '' if !defined $_;
if ( /,/ || /"/ ) {
$_ = qq("$_");
elsif ( !/^\d+(?:\.\d+)?$/ && length $_ ) {
# Excel は数字のみではないものならダブルクォートするので
# それを真似る
# Excel quotes not only digits,
# so this program imimtations it.
$_ = qq("$_");
elsif ( /^\d{11}$/ ) {
# queue id (と思われるもの)がたまたま全部数字だった場合
# queue id (we think so) character is all digits unexpectedly.
$_ = qq("$_");
printf "%s\n", join $SEPARATOR, @row;
### from pflog
# output:
# queue id
# arrived time
# processed time
# smtp client hostname / uid
# smtp client IP address / username
# envelope from
# envelope to
# message-id
# status
# relay to
# delay time
# size
# information (reason of defered, local mailbox name, successful message...)
sub date_format {
my $date_str = shift; # e.g. Jan 31 00:00:01
my ($mon_name, $day, $hhmmss) = split /\s+/, $date_str;
# my ($hh, $mm, $ss) = map { sprintf '%d', $_ } split /:/, $hhmmss;
# sprintf に8進数と勘違いされないように
# We avoid that sprintf confuses it octet.
$day =~ s/^0//;
my $mon = $month{$mon_name};
return sprintf '%d/%02d/%02d %s', $year, $mon, $day, $hhmmss;
# skew_date($syslog_date_string)
# 前回 skew_date を呼び出したときの日付(年月日)よりも逆行しているなら真
# 分や秒の細かいことまで見ない
# Ture if Date (year month day) previous calling of skwe_date goes backward.
# We do not see detail of minutes or second.
my $prev_mm_dd; # state
sub skew_date {
my $cur_mm_dd = join '/', (split m{/}, date_format(shift))[1,2];
my $is_skew;
if ( !$prev_mm_dd # 初回呼び出し / initial calling
|| $prev_mm_dd le $cur_mm_dd # 順番通り / right order (e.g. 07/22 le 07/23)
) {
$is_skew = 0;
else {
$is_skew = 1;
$prev_mm_dd = $cur_mm_dd;
return $is_skew;
=encoding utf-8
=head1 NAME - enhancement of "pflog" for parsing maillog of postfix 2.3 or higher version.
# input postfix log of syslog format, output csv format. -y 2011 mail.log > maillog.csv
this program is postfix "mail.log" parser, convert from syslog format to csv format for MS-Excel and more spreadsheet viewer.
because syslog format does not include "year" information,
specify the "mail.log"'s year as "-y" option.
support from the year to from *next* new year.
but years are missing from the "mail.log", e.g. next "2009/??/??" line is "2011/??/??", it is not support that leap 2 year and more.
pflog: L<>
Copyright 2010-2011 fonfun corporation.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment