[BlueOnyx:10756] Re: sendmail log commands?

Gerald Waugh gwaugh at frontstreetnetworks.net
Fri Jun 8 06:02:14 -05 2012


On 06/07/2012 09:03 PM, Chuck Tetlow wrote:
> The "cut" command was simply pulling the wrong field.  I tried it and
> had to adjust to field number 8 instead of 7.  Try it that way:
> 
> cat /var/log/maillog | grep from | cut -d " " -f8 | uniq -c | sort -nr | less
> 

works here,

Thanks
Gerald

> 
> 
> 
> *---------- Original Message -----------*
> From: "Gregg" <greggk1 at cox.net>
>
>> A month or so ago there were discussions regarding trojans and
>> backdoors and checking your logs for who is sending email.
>> There was one particular command that was given that seemed like it
>> could work nicely:
>> One way to find who is sending the most e-mails is to use this command:
>> cat /var/log/maillog | grep from | cut -d " " -f7 | uniq -c | sort -nr | less
>>  
>> I tried using that command on my system and it didn't give me the
>> users that were sending out email but rather the actual files that are
>> in the mqueue folder. So something like q57L4NQU004856. I assume that
>> is not the way it's supposed to work :)
>> Is there something wrong with that command? Are there any useful
>> commands that you guys use to check out on your systems? :)
>>  
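
An added example, not part of the thread or of BlueOnyx: classic syslog timestamps pad single-digit days with a second space ("Jun  7" versus "Jun 17"), so `cut -d " "` finds the `from=` token in field 8 on some lines and field 7 on others. The sketch below locates `from=` by name instead of by position; the function names and all log lines are constructed for illustration, reusing only the queue ID quoted above.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# The thread's extraction with a fixed field number N. cut splits on every
# single space, so the padded day in "Jun  7" adds an empty field.
cut_field() {
    grep from "$2" | cut -d " " -f"$1"
}

# top_senders FILE: print "count sender", busiest first. Finds from= by name
# and sorts before uniq -c, which only merges adjacent duplicate lines.
top_senders() {
    awk '
        /sendmail\[[0-9]+\]:/ && / from=/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^from=/) {
                    s = $i
                    sub(/^from=/, "", s)    # drop the key
                    sub(/,$/, "", s)        # drop the trailing comma
                    gsub(/[<>]/, "", s)     # drop angle brackets
                    if (s == "") s = "<>"   # null sender, used by bounces
                    print tolower(s)
                    break
                }
            }
        }
    ' "$1" | LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2 |
        awk '{ print $1, $2 }'
}

# Constructed sample log: padded single-digit days, a delivery line with no
# from=, then two-digit days.
sample_maillog() {
    cat <<'EOF'
Jun  7 21:03:14 host1 sendmail[4856]: q57L4NQU004856: from=<alice@example.com>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun  7 21:04:02 host1 sendmail[4860]: q57L52XX004860: from=<alice@example.com>, size=790, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun  7 21:04:03 host1 sendmail[4862]: q57L52XX004860: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net., stat=Sent
Jun 17 08:15:09 host1 sendmail[9120]: q5HDF9aa009120: from=apache@host1.example.com, size=4096, class=0, nrcpts=40, relay=apache@localhost
Jun 17 08:15:10 host1 sendmail[9121]: q5HDFAbb009121: from=<Alice@example.com>, size=640, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun 17 08:16:00 host1 sendmail[9130]: q5HDG0cc009130: from=<>, size=2100, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
EOF
}

log=$(mktemp)
sample_maillog > "$log"
top_senders "$log"
rm -f "$log"
```

The `nrcpts=` value on each `from=` line is worth a second look when a local account such as the web server user tops the list, since one logged message can fan out to many recipients.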


