freq-rcpt-sender.AWK
# Program : FREQ-RCPT-SENDER.AWK
# Purpose : Parse through POA log file to create frequent sender/recipient list
# Author : Bob Jonkman <bjonkman@sobac.com>
# Copyright 2008 Bob Jonkman and/or SOBAC Microcomputer Services
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Date : 1 April 2005
# Usage : gawk -f FREQ-RCPT-SENDER.AWK -v TIMEEND=hh:mm:ss inputfiles > outputfile.CSV
# timeinminutes: convert an "hh:mm[:ss]" string to minutes since midnight.
#   timestring - colon-separated time; a missing seconds field counts as 0
#   parts      - local scratch array (callers pass only timestring)
# Returns a number; seconds contribute a fractional part (ss/60).
function timeinminutes(timestring,    parts, hours, minutes, seconds) {
    split(timestring, parts, ":")
    hours   = parts[1]
    minutes = parts[2]
    seconds = parts[3]      # unset when only hh:mm was supplied, so it evaluates to 0
    return (hours * 60 + minutes + seconds / 60)
}
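BEGIN {
    # User-defined settings to determine Alert eligibility.
    thresholdrcptwindow = 100 ;     # items received inside the time window
    thresholdrcpt       = 400 ;     # items received over all input processed
    # thresholdsentwindow = 200 ;   # sender-side thresholds, disabled together
    # thresholdsent = 600 ;         # with the sender rule further down
    timewindowsize = 120 ;          # in minutes

    # Without TIMEEND the window silently collapses to midnight and almost no
    # record falls inside it, so say so instead of producing an empty report.
    if (TIMEEND == "")
        print "FREQ-RCPT-SENDER.AWK: TIMEEND not set (use -v TIMEEND=hh:mm:ss); time window ends at 00:00:00" > "/dev/stderr" ;

    timewindowend   = timeinminutes(TIMEEND) ;
    timewindowstart = timewindowend - timewindowsize ;

    # A window that would start before midnight is clamped to 00:00:00.
    # Log timestamps are never negative, so this does not change which
    # records match; it only keeps the displayed start time sensible.
    if (timewindowstart < 0) timewindowstart = 0 ;

    # Convert the start of the time window back to a timestring.
    # The previous expression, int(x - int(x))*60, truncated the fractional
    # minute to 0 before multiplying, so the seconds field was always 0.
    # Work in whole seconds (rounded to absorb floating-point error) and
    # zero-pad so TIMESTART has the same hh:mm:ss shape as TIMEEND.
    startseconds = int(timewindowstart * 60 + 0.5) ;
    TIMESTART = sprintf("%02d:%02d:%02d", int(startseconds / 3600), int((startseconds % 3600) / 60), startseconds % 60) ;

    FS  = ":" ;     # log lines are split on colons (see the Distributed rule)
    OFS = "," ;     # print() emits comma-separated fields for the CSV output
}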
# Collect data on Recipient
# Every log line containing "Distributed:" counts as one delivered item.
# With FS=":" the first two fields are used as hour and minute (seconds are
# ignored) and field 4 as the recipient's ObjectID.
# NOTE(review): assumes each line starts with hh:mm:ss and the ObjectID follows
# the "Distributed:" tag -- confirm against a sample POA log.
# NOTE(review): name is copied from the log as-is (lower-cased only) and is
# later written to the CSV unquoted; a value containing a comma or a leading
# "=", "+", "-" or "@" would shift columns or be read as a formula by a
# spreadsheet. Confirm ObjectIDs cannot contain such characters.
/Distributed:/ {
    timestamp = timeinminutes($1 ":" $2) ;
    name = tolower($4) ;

    # Totals over all input processed.
    totalrcpt++ ;
    if (!(name in rcpt)) uniquercpt++ ;
    rcpt[name]++ ;

    if (!(name in user)) uniqueuser++ ;
    user[name] = 1 ;

    # Totals restricted to the alert time window (both ends inclusive).
    inwindow = (timestamp >= timewindowstart && timestamp <= timewindowend) ;
    if (inwindow) {
        totalrcptwindow++ ;

        if (!(name in rcptwindow)) uniquercptwindow++ ;
        rcptwindow[name]++ ;

        if (!(name in userwindow)) uniqueuserwindow++ ;
        userwindow[name]++ ;
    }
}
# Collect data on Sender
# /Distribute message from:/ { timestamp = timeinminutes($1 ":" $2) ;
# name = substr(tolower($4),1,length($4)-1) ; # remove trailing space (Q&D)
# totalsent++ ;
#
# if (!sent[name]) uniquesent++ ;
# sent[name]++ ;
#
# if (!user[name]) uniqueuser++ ;
# user[name] = 1 ;
#
# if ( (timestamp >= timewindowstart) && (timestamp <= timewindowend) )
# { totalsentwindow++ ;
#
# if(!sentwindow[name]) uniquesentwindow++ ;
# sentwindow[name]++ ;
#
# if(!userwindow[name]) uniqueuserwindow++ ;
# userwindow[name]++ ;
# }
#
#
# }
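END {
    # Write the alert file listing every ObjectID that exceeded a threshold.
    #
    # The scoring loop below used to be commented out together with the
    # per-user stdout report, which left threxcusers empty: the alert file
    # then contained only its header and footer no matter how much mail a
    # recipient received. The scoring is restored; the stdout report and the
    # sender-side statistics remain disabled.
    alertfile = "thresholdexceeded.csv" ;

    # Score each ObjectID that received items inside the time window.
    # thresholdexceeded is 0, 1 or 2: one point for exceeding the in-window
    # threshold, one for exceeding the whole-input threshold. ObjectIDs with
    # no items inside the window are not scored at all.
    for (i in rcptwindow)
    {   thresholdexceeded = (rcptwindow[i] > thresholdrcptwindow) ;
        thresholdexceeded += (rcpt[i] > thresholdrcpt) ;
        # thresholdexceeded += (sentwindow[i] > thresholdsentwindow) ;
        # thresholdexceeded += (sent[i] > thresholdsent) ;
        if (thresholdexceeded)
        {   uniquethresholdexceeded++ ;
            threxcusers[i] = thresholdexceeded ;
        }
        # Disabled per-user stdout report ("sort /r" is the Windows sort command):
        # printf("%8i,%8i,%8i,%s", thresholdexceeded, rcptwindow[i], rcpt[i], i "\n" ) | "sort /r" ;
    }

    # Disabled stdout summary, kept for reference:
    # print("Threshold Exceeded,Received in Time Window,Received Today,ObjectID (only ObjectIDs with Received items in the Time Window are listed)");
    # print("=====") ;
    # print("",totalrcptwindow, totalrcpt, "Total") ;
    # print(uniquethresholdexceeded,uniquercptwindow,uniquercpt, "Unique ObjectIDs") ;
    # print("",thresholdrcptwindow,thresholdrcpt,"Thresholds") ;
    # print("\n") ;
    # print(TIMESTART,"Time Window start") ;
    # print(TIMEEND,"Time Window end") ;
    # print(timewindowsize,"Time Window size") ;
    # print(strftime("%T"),"Job End") ;

    # Alert file. The first ">" truncates the file; later writes append
    # because awk keeps the file open until close().
    print("Threshold Exceeded,Received in Time Window,Received Today,ObjectID (only ObjectIDs with Threshold Exceeded are listed)") > alertfile ;

    # NOTE(review): the ObjectID is written unquoted, exactly as it appeared in
    # the log. Confirm it cannot contain commas or start with "=", "+", "-" or
    # "@" before opening the file in a spreadsheet.
    for (i in threxcusers)
    {   printf("%8i,%8i,%8i,%s\n", threxcusers[i], rcptwindow[i], rcpt[i], i) > alertfile ;
    }

    print("=====") > alertfile ;
    # print("",thresholdrcptwindow,thresholdsentwindow,"",thresholdrcpt,thresholdsent,"","Thresholds") > alertfile ;
    print("", thresholdrcptwindow, thresholdrcpt, "Thresholds") > alertfile ;
    print("\n") > alertfile ;
    print(TIMESTART, "Time Window start") > alertfile ;
    print(TIMEEND, "Time Window end") > alertfile ;
    close(alertfile) ;

    # The job-end marker goes to stdout, not to the alert file.
    print(strftime("%T"), "Job End") ;
}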
# EOF: FREQ-RCPT-SENDER.AWK