Thx, I'll try them

<P>In some other mailserver software there are functionalities for searching the logs. This is very handy when tracking down, what has happened to a particular message. Now with the logs being in different log-files depending on module a trace type of search is nearly impossible without first joining the log files smartly.</P> <P>Since the start of this community I am now receiving more than a 100 false messages based on honeypot catches. But thanks to running another mailserver than mercury for the web-based outbound I have the possibility to track the returning messages and their cause. Well, since I want to omit having a second mailserver software and only rely on Mercury, the search and examine possibility of the Logs would be appreciated. Below is an example log, showing a honeypot trace to cybernirvana.com.</P> <CENTER><FONT face="Arial, Helvetica" size=3><B>Detail Report</FONT></B> <HR width="75%"> </CENTER> <P><FONT face="Arial, Helvetica" size=-1>2007-maj-24 14:12:05  Action: <FONT color=#008800>Message Accepted</FONT>  Client: <FONT color=#008800>194.63.129.54</FONT>  From: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>   To: <FONT color=#008800>cleanserdeftest@ihpu.se</FONT>  Subject: <FONT color=#008800>Kapitalanlage.</FONT>  Size: <FONT color=#008800>894</FONT>   SMTP ID: <FONT color=#008800>M2007052414115929535</FONT>  Connection ID: <FONT color=#008800>207297</FONT>   2007-maj-24 14:12:17  Action: <FONT color=#ff8429>Message Delivery Attempt Failed</FONT>  Client: <FONT color=#008800>194.63.129.54</FONT>  From: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>   To: <FONT color=#008800>cleanserdeftest@ihpu.se</FONT>  Subject: <FONT color=#008800>Kapitalanlage.</FONT>  SMTP ID: <FONT color=#008800>M2007052414115929535</FONT>   Connection ID: <FONT color=#008800>207301</FONT>  Last Command: <FONT color=#008800>RCPT To</FONT>  Last Response: <FONT color=#008800>550 Address '<cleanserdeftest@ihpu.se>' not known here.</FONT>   2007-maj-24 14:12:17  Action: <FONT color=#ff8429>Message Generated</FONT>  From: <FONT color=#008800>Symantec_Mail_Security_for_SMTP@workorder.se</FONT>  To: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>   Size: <FONT color=#008800>1839</FONT>  SMTP ID: <FONT color=#008800>M2007052414121729538</FONT>  Reference SMTP ID: <FONT color=#008800>M2007052414115929535</FONT>   Info: <FONT color=#008800>Automatically generated bounce message.</FONT>   2007-maj-24 14:12:17  Action: <FONT color=#ff8429>Message Bounced</FONT>  Client: <FONT color=#008800>194.63.129.54</FONT>  From: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>   To: <FONT color=#008800>cleanserdeftest@ihpu.se</FONT>  Subject: <FONT color=#008800>Kapitalanlage.</FONT>  SMTP ID: <FONT color=#008800>M2007052414115929535</FONT>   Info: <FONT color=#008800>Mailbox unknown or not accepting mail.</FONT>  Info2: <FONT color=#008800>550 Address '<cleanserdeftest@ihpu.se>' not known here. </FONT>   2007-maj-24 14:12:17  Action: <FONT color=#008800>Message Processing Completed</FONT>  Client: <FONT color=#008800>194.63.129.54</FONT>  From: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>   To: <FONT color=#008800>cleanserdeftest@ihpu.se</FONT>  Subject: <FONT color=#008800>Kapitalanlage.</FONT>  SMTP ID: <FONT color=#008800>M2007052414115929535</FONT>   2007-maj-24 14:12:26  Action: <FONT color=#008800>Message Delivered</FONT>  Server: <FONT color=#008800>mail-fwd.g14.rapidsite.net:25</FONT>  From: <FONT color=#008800>Symantec_Mail_Security_for_SMTP@workorder.se</FONT>   To: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>  SMTP ID: <FONT color=#008800>M2007052414121729538</FONT>  Connection ID: <FONT color=#008800>207303</FONT>   Last Response: <FONT color=#008800>250 0-0661568745 Message accepted for delivery</FONT>   2007-maj-24 14:12:26  Action: <FONT color=#008800>Message Processing Completed</FONT>  From: <FONT color=#008800>Symantec_Mail_Security_for_SMTP@workorder.se</FONT>  To: <FONT color=#008800>ILIJAGunko@CYBERNIRVANA.COM</FONT>   SMTP ID: <FONT color=#008800>M2007052414121729538</FONT>   </TABLE></FONT> <I>7 matching records found.</I></P>

<p>Mercury's log files are all plain text and can be easily searched using any grep or similar utility. They were specifically designed this way for exactly this reason. Cheers! -- David -- </p>

<P>I bet not many know what grep is these days....</P> <P>Anyhow - does anyone have any good pointers to a web-based grep util?</P>

<p>This is the one I use frequently, it's under dos though:</p><p>c:\>grep Name:     grep - regular expression search through files Usage:    grep [ -vclins? ] <pattern> file1 ... Version:  3.0 for PCs with DOS 2.1 and higher           (C) Copyright Peter Stephen Heitman 1986  --  All Rights Reserved           Distributed with the PiCnix Package (tm) by Peter Stephen Heitman           Regular expression pattern matching algorithm:              Copyright (c) 1986 by University of Toronto.              Written by Henry Spencer.  Not derived from licensed software.</p><p>I doubt this little util even know's what "the web" is[:D]</p><p> </p>

<p>I use a spreadsheet (Excel - but OO works too) to import all my text log files.</p><p>Each log file gets its own tab and can refresh as required (manual or at set intervals).</p><p>This gives me the ability to have  data analysis columns next to the imported log and to filter as I want.</p><p>After trying quite a few log viewers etc. (none would do it the way I want) I have found this the fastest way of doing log traces. </p>

<p>It can be handy to see what is happening live in the logs.</p><p>For Windows I use BareTail: <a href="http://www.baremetalsoft.com/baretail/%20" title="http://www.baremetalsoft.com/baretail/ " mce_href="http://www.baremetalsoft.com/baretail/ ">http://www.baremetalsoft.com/baretail/ </a></p><p> And for a windows based GUI Grep BareGrep: <a href="http://www.baremetalsoft.com/baregrep/index.php" title="http://www.baremetalsoft.com/baregrep/index.php" mce_href="http://www.baremetalsoft.com/baregrep/index.php">http://www.baremetalsoft.com/baregrep/index.php</a>  </p>