[BlueOnyx:10750] Re: sendmail log commands?
Chuck Tetlow
chuck at tetlow.net
Thu Jun 7 21:03:16 -05 2012
The "cut" command was simply pulling the wrong field. I tried it and had to adjust to field number 8 instead of 7. Try it that way:
cat /var/log/maillog | grep from | cut -d " " -f8 | uniq -c | sort -nr | less
Chuck
---------- Original Message -----------
From: "Gregg" <greggk1 at cox.net>
To: "'BlueOnyx General Mailing List'" <blueonyx at mail.blueonyx.it>
Sent: Thu, 7 Jun 2012 14:04:09 -0700
Subject: [BlueOnyx:10749] sendmail log commands?
> A month or so ago there was discussions regarding trojans and backdoors and checking your logs for who is sending email.
> There was one particular command that was given that seemed like it could work nicely:
> One way to find who is sending the most e-mails is to use this command:
> cat /var/log/maillog | grep from | cut -d " " -f7 | uniq -c | sort -nr | less
>
> I tried using that command on my system and it didn't give me the users that were sending out email but rather the actual files that are in the mqueue folder. So something like q57L4NQU004856 . I assume that is not the way it's supposed to work :)
> Is there something wrong with that command? Are there any useful commands that you guys use to check out on your systems? :)
>
> Thanks.
------- End of Original Message -------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20120607/337ac192/attachment.html>
More information about the Blueonyx
mailing list