| #!/usr/bin/perl -w |
| |
| # |
| # samailoffset - Easy way to get messages from mass-check log output |
| # |
| # By: Theo Van Dinter (felicity@apache.org) (c) 1998-2007 |
| # Revision Info: $Id$ |
| # |
| |
| # this script will grab messages out of a corpus and display the headers (by |
| # default) or the full message (-b). typically this lets you do something |
| # like "grep RULE_NAME ham.log | samailoffset" and get the right thing. |
| |
| use strict; |
| $|++; |
| my $body = 0; |
| |
| # if "-b" is given on the command, this will output the body of the message as |
| # well as the header. |
| if ( @ARGV && $ARGV[0] =~ /^-+b/ ) { $body=1; shift; } |
| unless (@ARGV) { |
| @ARGV=<STDIN>; |
| } |
| |
| foreach ( @ARGV ) { |
| next if /^#/; |
| |
| if (/^[.Y]\s+-?\d+\s(.+?)\s(?:[A-Za-z0-9_,]+\s)?[a-z]+=/) { |
| $_ = $1; |
| } |
| |
| my $count = 0; |
| /^(.+?)(?:\.(\d+))?$/; |
| my($file,$offset) = ($1,$2); |
| |
| if ($file =~ /\.gz$/) { |
| $file = "gunzip -cd $file |"; |
| } |
| elsif ($file =~ /\.bz2$/) { |
| $file = "bzip2 -cd $file |"; |
| } |
| |
| open(T,$file) || die "Can't open $file: $!"; |
| seek T, $offset, 0 if (defined $offset); |
| while(defined(my $l=<T>)) { |
| last if ($count++ && $l=~/^From /); |
| print $l; |
| last if (!$body && $l=~/^$/); |
| } |
| close(T); |
| } |