Solved: Re: How can i get ip address from postfix logs

saito0910 · ‎04-17-2014

Hi,

How can i get ip address from like under log??

---
Sep 13 23:55:42 mailhost1 postfix/smtpd[15824]: [ID 197553 mail.info] connect from example.com[1.1.1.1]
---

I use search command "host=mailhost1 | top limit=100 client ",
and result is "example.com[1.1.1.1]".(source type is postfix_syslog)

I need only ip address to use geoip.

thanks

MuS · ‎04-17-2014

Hi saito0910,

try something like this:

host=mailhost1 | rex field=client "(?<myIP>(\d+\.){3}\d+)]$" | top limit=100 myIP

this will get the IP form the client field and returns it as new field myIP

hope this helps ...

cheers, MuS

MuS · ‎04-17-2014

Hi saito0910,

try something like this:

host=mailhost1 | rex field=client "(?<myIP>(\d+\.){3}\d+)]$" | top limit=100 myIP

this will get the IP form the client field and returns it as new field myIP

hope this helps ...

cheers, MuS

saito0910 · ‎04-18-2014

Thanks MuS! That worked well! 🙂

How can i get ip address from postfix logs