Today I cranked out this one to analyze my Postfix log to see who's been spamming me, or at least sending to non-existent addresses:
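use strict;
use warnings;

# Summarize Postfix "reject: RCPT from host[ip]" log lines per client host.
#
# Input:  log files named on the command line, or STDIN when none are given.
# Output: one line per host, busiest first: total rejects, the host name, and
#         the IP addresses seen for it (with a per-IP count when above 1).
#
# NOTE(review): the pattern matches every RCPT-stage reject, whatever reason
# follows on the line, so the totals are not limited to unknown recipients.
# NOTE(review): Postfix is expected to log clients without a verified name as
# "unknown"; that one bucket can mix unrelated senders, so read its per-IP
# counts rather than its total. Confirm against your own log.
#
# The diamond operator opens each command-line argument with two-argument
# open, so an argument containing mode characters (a trailing "|", a leading
# ">") is interpreted instead of being read as a file. Pass explicit log
# paths rather than an unreviewed glob; on Perl 5.22+ the "<<>>" form treats
# every argument as a plain file name.

my %count;    # host name => number of rejects
my %ips;      # host name => { IP address => number of rejects }

my $reject_re = qr{
    reject:\sRCPT\sfrom\s
    ([^[]+)     # client host name, everything before the opening bracket
    \[
    ([^]]+)     # client IP address
    \]
}x;

while ( my $line = <> ) {

    # A failed match assigns an empty list, which is false in scalar context.
    my ( $host, $ip ) = $line =~ $reject_re or next;

    # Both fields originate from the remote side. Replace anything outside
    # printable ASCII so a crafted log entry cannot send control sequences to
    # the terminal that displays the report.
    tr/\x20-\x7e/?/c for $host, $ip;

    $ips{$host}{$ip}++;
    $count{$host}++;
}

# Highest total first; ties are broken by host name so that repeated runs
# over the same log print the same order (hash order alone is not stable).
my @hosts = sort { $count{$b} <=> $count{$a} or $a cmp $b } keys %ips;

for my $host (@hosts) {
    my $seen   = $ips{$host};
    my @labels = map { $seen->{$_} > 1 ? "$_ ($seen->{$_})" : $_ }
        sort keys %$seen;
    printf "%5d %s: %s\n", $count{$host}, $host, join ', ', @labels;
}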
which then spews out stuff like