freqrcpt.AWK
# Program : FREQRCPT.AWK
# Purpose : Parse through POA log file to create frequent sender/recipient list
# Author : Bob Jonkman <bjonkman@sobac.com>
# Copyright 2008 Bob Jonkman and/or SOBAC Microcomputer Services
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Date : 1 April 2005
# Usage : gawk -f FREQRCPT.AWK -v TIMEEND=hh:mm:ss -v TIMEWINDOW=mm -v TRW=thresholdrcptwindow inputfiles > outputfile.CSV
# Variables : TIMEEND - End of time window in hh:mm:ss (default: current time)
# TIMEWINDOW - Size of time window in minutes (default: 60)
# TRW - Threshold for Received Messages in Time Window (default: 100)
# TR - Threshold for Total Received Messages
# Input file format: $1 = POAname
# $2 = Datetime (yyyy-mm-dd hh:mm:ss)
# $3 = threadno
# $4 = message (as one field)
# timeinseconds: convert a colon-separated "hh:mm:ss" string into a number of seconds.
#   timestring - the time of day to convert
#   hms, seconds - local scratch variables; callers pass only timestring
# A missing field (for example "hh:mm" with no seconds) contributes 0.
function timeinseconds(timestring,    hms, seconds) {
    split(timestring, hms, ":")
    seconds  = hms[1] * 3600    # hours
    seconds += hms[2] * 60      # minutes
    seconds += hms[3]           # seconds
    return seconds
}
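# Initialisation: CSV separators, report constants, and the time window
# [tiswindowstart, tiswindowend] (epoch seconds) that later rules count against.
# Command-line overrides (-v): TRW, TIMEWINDOW, TIMEEND.
# A supplied value that is not usable is reported on stderr and replaced by its
# default: a non-numeric TRW would turn the threshold test into a string
# comparison, and a malformed TIMEWINDOW/TIMEEND would yield an empty or shifted
# window, so in each case the report would silently stop flagging mailboxes.
BEGIN {
    FS     = "," ;
    OFS    = "," ;
    SUBSEP = "," ;

    BACKSLASH = "\\" ;
    QUOTE     = "\"" ;
    COMMA     = "," ;
    QCQ       = QUOTE COMMA QUOTE ;

    domain = "@sobac.com" ;                 # appended to mailbox names in the reports

    today    = strftime("%Y %m %d") ;       # "YYYY MM DD", the layout mktime() expects
    tistoday = mktime(today " 00 00 00") ;  # local midnight today, in epoch seconds

    # TRW: threshold for received messages inside the window
    if (!TRW) {
        TRW = 100 ;
    } else if (TRW !~ /^[0-9]+(\.[0-9]+)?$/) {
        print("FREQRCPT: TRW=\"" TRW "\" is not a positive number; using 100") > "/dev/stderr" ;
        TRW = 100 ;
    }

    # TIMEWINDOW: size of the window in minutes
    if (!TIMEWINDOW) {
        TIMEWINDOW = 60 ;
    } else if (TIMEWINDOW !~ /^[0-9]+(\.[0-9]+)?$/) {
        print("FREQRCPT: TIMEWINDOW=\"" TIMEWINDOW "\" is not a positive number of minutes; using 60") > "/dev/stderr" ;
        TIMEWINDOW = 60 ;
    }

    # TIMEEND: end of the window as hh:mm:ss; defaults to the current time.
    # Only the digits-and-colons shape is checked, matching what timeinseconds() can split.
    if (!TIMEEND) {
        TIMEEND = strftime("%H:%M:%S") ;
    } else if (TIMEEND !~ /^[0-9]+(:[0-9]+)?(:[0-9]+)?$/) {
        print("FREQRCPT: TIMEEND=\"" TIMEEND "\" is not in hh:mm:ss form; using the current time") > "/dev/stderr" ;
        TIMEEND = strftime("%H:%M:%S") ;
    }

    tiswindowsize  = TIMEWINDOW * 60 ;      # Time in seconds
    # NOTE(review): adding seconds to local midnight is off by the clock change on a
    # DST transition day; the TIMESTART/TIMEEND values recomputed below show the window actually used.
    tiswindowend   = tistoday + timeinseconds(TIMEEND) ;
    tiswindowstart = tiswindowend - tiswindowsize ;

    DATETIMEEND   = strftime("%Y-%m-%d %H:%M:%S", tiswindowend) ;
    DATETIMESTART = strftime("%Y-%m-%d %H:%M:%S", tiswindowstart) ;

    # Re-calculate TIMESTART and TIMEEND from tis values
    TIMEEND   = strftime("%H:%M:%S", tiswindowend) ;
    TIMESTART = strftime("%H:%M:%S", tiswindowstart) ;
}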
# Collect data on Recipient
# Recipient accounting for every log record that contains "Distributed:".
# Updates the whole-input counters (rcpt, po, totalrcpt, uniquercpt) and, when the
# record's timestamp lies inside [tiswindowstart, tiswindowend], the window
# counters (rcptwindow, totalrcptwindow, uniquercptwindow).
/Distributed:/ {
    parsecsv($0, logline)

    # Field 2 is "yyyy-mm-dd hh:mm:ss"; mktime() wants the six numbers separated by spaces
    timestamp = logline[2]
    gsub(/[-:]/, " ", timestamp)
    tistimestamp = mktime(timestamp) ;
    # NOTE(review): mktime() returns -1 for a timestamp it cannot parse; such a record
    # is still counted in the totals below but will not fall inside the window.
    # print("##### DEBUG ##### " strftime("%Y-%m-%d %H:%M:%S ", tistimestamp), $0 ) ;

    # Field 4 is the message text; the mailbox id is the part after the first ":"
    split(logline[4], messagefield, ":")
    name = gwid2smtp(tolower(trim(messagefield[2])))

    totalrcpt += 1
    # print("##### DEBUG ##### totalrcpt= " totalrcpt )

    if (!rcpt[name]) {
        # First record seen for this mailbox: remember which POA it was on
        po[name] = logline[1]
        uniquercpt += 1
    }
    rcpt[name] += 1

    # Window test, written as "not before the start and not after the end"
    if (!((tistimestamp < tiswindowstart) || (tistimestamp > tiswindowend))) {
        if (!rcptwindow[name])
            uniquercptwindow += 1
        rcptwindow[name] += 1
        totalrcptwindow += 1
    }
    # print("##### DEBUG ##### name= " name " rcpt[name]= " rcpt[name] " rcptwindow[name]= " rcptwindow[name] " uniquercpt= " uniquercpt " totalrcptwindow= " totalrcptwindow " uniquercptwindow= " uniquercptwindow )
}
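# Report generation.  Writes three outputs:
#   stdout            - every mailbox with received items in the time window
#   thresholdoutfile  - mailboxes whose window count exceeded TRW in this run
#   alertoutfile      - mailboxes over TRW in this run that are also listed in
#                       thresholdinfile and are not listed in exceptionfile
# thresholdinfile is presumably a copy of an earlier run's threshold file; nothing
# visible here creates it - confirm against the job that schedules this script.
# A missing or unreadable input file is reported on stderr, because without
# thresholdinfile no alert can ever be written and without exceptionfile nothing
# is excluded, and neither condition is otherwise visible in the output.
END {
    thresholdoutfile = "freqrcpt-threshold.csv" ;
    thresholdinfile  = "freqrcpt-threshold-old.csv" ;
    alertoutfile     = "freqrcpt-alert.csv" ;
    exceptionfile    = "freqrcpt-exclude.txt" ;

    # NOTE(review): mailbox names come from log text and end up in CSV files; whether
    # printcsv() neutralises a leading = + - @ (spreadsheet formula characters) cannot
    # be seen from this block - confirm before opening the reports in a spreadsheet.

    # Create Recipient table
    print(printcsv(TIMESTART " to " TIMEEND) COMMA printcsv("Received " today) COMMA "Mailbox (only mailboxes with Received items in the Time Window are listed),PO" );
    for (i in rcptwindow) {
        # print("##### DEBUG ##### for(i in rcptwindow) i= " i , rcptwindow[i],rcpt[i],po[i] ) ;
        if (rcptwindow[i] > TRW) {
            threshold[i]++ ;
            totalthreshold++ ;
        }
        printf("%8i,%8i,%s,%s\n", rcptwindow[i], rcpt[i], printcsv(i domain), printcsv(po[i]))   ##### DEBUG ##### | "sort /r" ;
    }
    print("=====") ;
    print(totalrcptwindow COMMA totalrcpt COMMA "Total" ) ;
    print(uniquercptwindow COMMA uniquercpt COMMA "Unique ObjectIDs") ;
    print(TRW COMMA COMMA "Threshold") ;
    print("") ;
    print(printcsv(strftime("%Y-%m-%d %H:%M:%S")) COMMA "Job End") ;

    # Create Threshold Exceeded file
    print(printcsv(TIMESTART " to " TIMEEND) COMMA printcsv("Received " today) COMMA "Mailbox,PO") > thresholdoutfile ;
    for (i in threshold) {
        printf("%8i,%8i,%s,%s\n", rcptwindow[i], rcpt[i], printcsv(i domain), printcsv(po[i]) ) > thresholdoutfile ;
    }
    print("=====") > thresholdoutfile ;
    print(totalthreshold COMMA COMMA "Unique ObjectIDs" ) > thresholdoutfile ;                   # print totals
    print(TRW COMMA COMMA "Thresholds") > thresholdoutfile ;                                     # print thresholds
    print("") > thresholdoutfile ;                                                               # print blank
    print(printcsv(strftime("%Y-%m-%d %H:%M:%S")) COMMA "Job End") > thresholdoutfile ;          # print jobend

    # Read the exception file: first line is a header, each later line names one
    # mailbox (field 1) that must never be alerted on.
    # NOTE(review): mailbox names are lower-cased when collected, but entries here are
    # used as written; a mixed-case entry would presumably never match - confirm.
    getlinevalue = (getline < exceptionfile) ;
    if (getlinevalue > 0) {
        parsecsv($0, exceptionfileheader)
        while ((getline < exceptionfile) > 0) {      # while not EOF
            parsecsv($0, exceptionline)
            # print("##### DEBUG ##### exceptionline $0= " $0 ) ;
            # for(i in exceptionline) print("##### DEBUG ##### i= " i " exceptionline[i]= " exceptionline[i]) ;
            exception[exceptionline[1]] = 1 ;
        }
    } else if (getlinevalue < 0) {
        # Previously the header was parsed from whatever record was still in $0
        print("FREQRCPT: cannot read " exceptionfile "; no mailboxes are excluded from alerts") > "/dev/stderr" ;
    }
    close(exceptionfile) ;

    # Read the old threshold file: header line, then data lines up to the "=====" marker.
    # Field 3 (mailbox) is the key, field 1 (count in that run's window) the value.
    violation = 0 ;
    FS = "," ;                                       # Set Field Separator value back to normal
    getlinevalue = (getline < thresholdinfile) ;     # read headers
    # print("##### DEBUG ##### getlinevalue= " getlinevalue, "$0= " $0) ;
    if (getlinevalue > 0) {
        parsecsv($0, thresholdinfileheader) ;
        while (((getlinevalue = (getline < thresholdinfile)) > 0) && ($0 != "=====")) {
            # print("##### DEBUG ##### thresholdinfile getlinevalue= " getlinevalue, "$0= " $0) ;
            parsecsv($0, thresholdinfiledata) ;
            # for(i in thresholdinfiledata) print("##### DEBUG ##### i= " i " thresholdinfiledata[i]= " thresholdinfiledata[i] ) ;
            oldthresholdrcptwindow[thresholdinfiledata[3]] = thresholdinfiledata[1] ;
        }
    } else {
        # Without this file oldthresholdrcptwindow stays empty and the loop below writes no alert.
        # The header is left unset instead of being parsed from a stale record.
        print("FREQRCPT: " thresholdinfile " is empty or cannot be read; no alerts can be raised for this run") > "/dev/stderr" ;
    }
    close(thresholdinfile) ;

    # Create Alert file: over threshold now, over threshold in the old file, not excluded
    print(printcsv(TIMESTART " to " TIMEEND) COMMA printcsv(thresholdinfileheader[1]) COMMA printcsv("Received " today) COMMA "Mailbox,PO") > alertoutfile ;
    for (i in threshold) {
        if (oldthresholdrcptwindow[i domain] && !exception[i domain]) {
            print(rcptwindow[i] COMMA oldthresholdrcptwindow[i domain] COMMA rcpt[i] COMMA printcsv(i domain) COMMA printcsv(po[i]) ) > alertoutfile ;
            violation++ ;
        }
    }
    print("=====") > alertoutfile ;
    print(violation COMMA "Violations") > alertoutfile ;
}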
# EOF: freqrcpt.AWK