From: Vincent Cunniffe (vincent at domain diva.ie)
Date: Mon 23 Sep 2002 - 10:58:02 IST
Hi,
looking for a perl regexp guru to do my homework for me, pls ;-)
I have a pop relay auth daemon scanning the /var/log/maillog file
for incoming pop/imap authentications, and dumping the matching
IP's into a localip hashfile for sendmail to allow relaying from.
This is all working fine, but the logging format changes when the
IP doesn't have a valid reverse lookup.
Valid : ... Login user=xxx host=blah.domain.com [IP]
Invalid : ... Login user=xxx host=[IP]
The daemon does a gethostbyname on the hostname it finds. So,
what I'd like is a small chunk of perl code to correctly parse
pop/imap log lines of the above format, skipping the hostname
and just parsing and returning the IP.
Current perl code :
----------------------------
sub scanaddr ($) {
my $s = $_[0];
my at domain paddrs; # Packed IP addresses.
my at domain addrs; # ASCII addresses.
my $junk;
if ($s =~ m/i(pop2|pop3|map)d\[[0-9]+\]: (Login|Authenticated)
user=/) {
$s =~ s/.*host=(\S+).*/$1/;
($junk, $junk, $junk, $junk, at domain paddrs) = gethostbyname($s);
while ( at domain paddrs) {
push( at domain addrs, join('.', unpack('C4', shift( at domain paddrs))));
}
return at domain addrs;
}
return ();
}
----------------------------
Regards,
Vin
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:19:00 GMT