#!/bin/bash################################################################################## Script for parsing IronPort logs for collecting top mail senders every hour on Iron Port Server ################################################################################## #####Collecting the Program Start time##### echo "Program Start time `date +%T`" > /tmp/time ##### Check if the Script is started correctly ##### if [ $# != 1 ]; then echo "Improper syntax" "Expected syntax [script.sh ]"exitelseecho ""fi ##### Setting Variable #####ORG_FILE=$1MAILTO="xssss123@xdwcs.com xssss1234@xdwcs.com"MAIL=/usr/bin/mutt ##### Collecting only required Data from the IronPort Logs ##### grep "interface PublicNet (3\RID [0-9]" $ORG_FILE > /tmp/newreffileSOURCE_FILE=/tmp/newreffile ##### Collecting the HOURS for which the logs to be parsed #####awk '{print $4}' $SOURCE_FILE cut -c 1,2 uniq > /tmp/hrsfileHRSFILE=/tmp/hrsfile ###Collecting data for hour wise ####while read HRSdo grep " $HRS:" $SOURCE_FILE > /tmp/reffileREFFILE=/tmp/reffile DATESTAMP=`head -1 $SOURCE_FILE awk '{print $1,$2,$3}'`TIMESTAMP=`echo $HRS`echo "====================================" > /tmp/masterecho " TOP MAIL SENDERS FOR $DATESTAMP at $HRS" >> /tmp/masterecho "====================================" >> /tmp/master #### Collecting the ICID and IP address details #####grep "(3." $SOURCE_FILE > /tmp/ipfileIPFILE=/tmp/ipfile ################################################# ##### COLLECT ALL UNIQ ICID FROM THE REFERECE FILE #####grep "(3." $REFFILE uniq -u awk '{print $10}'grep '^[0-9]' > /tmp/icidfileICID=/tmp/icidfile while read LINEdo TOTALMAILS=`grep $LINE $SOURCE_FILE grep RID wc -l` IPADDRESS=`grep $LINE $IPFILE grep "(3." awk '{print $15}'` echo -e "$IPADDRESS \t\t $TOTALMAILS" >> /tmp/outputdone < $ICID ##### Collect the Uniq IP address and the mail counts #####awk '{print $1}' /tmp/output sort -u > /tmp/uniqipUNIQ=/tmp/uniqip while read IPdo MCOUNT=`grep $IP /tmp/output awk '{ sum += $2 };END { print sum }'`# echo "$ORG_FILE - HOUR $HRS" > /tmp/result echo -e "$MCOUNT \t \t $IP" >> /tmp/resultdone < $UNIQ RESULT=/tmp/result sort -rn $RESULT head -10 >> /tmp/mastersort -rn $RESULT > /tmp/mailattachment.txtMATTACHMENT=/tmp/mailattachment.txt mv $RESULT $ORG_FILE-`date +%T-%F-%N`echo "Program End time `date +%T`" >> /tmp/timemutt -s "Top 10 Mail Senders" -a $MATTACHMENT $MAILTO < /tmp/mastersleep 10rm -f /tmp/outputdone < $HRSFILE ######### END OF PROGRAM ##############