[Tutor] parsing sendmail logs
Monika Jisswel
monjissvel at googlemail.com
Tue Jul 15 13:15:58 CEST 2008
>
> but in that case use bash or ksh
Hi Alan,
to say the truth I never thought about "additional overhead of getting the
input/output data transferred" because the suprocess itself will contain the
(bash)pipe to redirect output to the next utility used not the python
subprocess.PIPE pipe so it will be like one subprocess with each utility
piping stdout to the next as if run from the shell, what python comes in for
? well, its always sweet to work with python as it will allow you to make
whatever logic you have in yoru head into real life with ease and at the end
of the subprocess you can always parse the stdout using python this time &
load results to some database.
I have to say that I have seen awk, grep & sort, wc, work on files of
handreds of Mbytes in a matter of 1 or 2 seconds ... why would I replace
such a fast tools ?
Alan do you think python can beat awk in speed when it comes to replacing
text ? I always wanted to know it !
Any pragmatic advice on building or working with a framework to get to the
> point where i can do analysis on my logs would be cool.
ok ! so your program parses sendmail log, returns some data, your python
program will then parse this data & depending on results will either send an
email saying 'everything OK' or will take measures like run a
subprocess.Popen('/etc/init.d/sendmail stop', shell = 1) or add some email
address or hostname or ip to spamassassin lack list & reload it ...
but some problems will rise when we talk about the frequency you will run
your scans ? every 1 minute ? every 5 minutes ? 500 mails would be
recieved by then so it would be of no use.
this said this program cannot be used for real time problem detection
effectively ... but it will be very effective for end-of-day statistics ...
that's why programs such as spamassassin were creatd i guess ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20080715/b6fd2627/attachment.htm>
More information about the Tutor
mailing list