AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of Tsz109
Tsz109
 asked on

Extract Email address from IIS 6 SMTP logs

Can anyone tell me of a way to scan these .log files to get all the "+FROM:xxxxxx.xxxxxx.com" emails out of them?

I stink at scripting but if someone knows of a way or a program to do it please let me know.

I would need exact commands and this may take a while its over a gig of logs.

Please and thanks.
ExchangeWindows Server 2003Microsoft IIS Web Server
Avatar of undefined
Last Comment
Tsz109
8/22/2022 - Mon
Amick
MS Logparser http://www.microsoft.com/en-us/download/details.aspx?id=24659 may be all you need.  An explanatory article is available at http://www.msexchange.org/tutorials/Using-Logparser-Utility-Analyze-ExchangeIIS-Logs.html

If this doesn't do the trick, post a small sample of your log file and I'll see if I can write something to help you.
Tsz109
ASKER
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2012-06-04 05:00:25
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Referer)
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 HELO - +ServerHostname 250 0 57 20 0 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 MAIL - +FROM:bisldev@EX.COM 250 0 53 38 0 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 RCPT - +TO:"NBordeTeam@EX.com" 452 0 24 42 63 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 QUIT - ServerHostname 240 78 77 4 0 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 HELO - +ServerHostname 250 0 57 20 0 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 MAIL - +FROM:bisldev@EX.com 250 0 53 38 0 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 RCPT - +TO:"NBordeTeam@EX.com" 452 0 24 42 63 SMTP - - -
2012-06-04 05:00:25 DestinationIP ServerHostname SMTPSVC1 SERVERHOSTNAME SourceIP 0 QUIT - ServerHostname 240 63 77 4 0 SMTP - - -


Here is an example of the logs. (They are in .log File extension but that can be changed)

All i need is the email address after the +FROM:xxxxxxx@xxxxxxx.com

names of servers and email addresses have been changed to protect the innocent :)
Tsz109
ASKER
I am also messing around with visual parser studio, if you have any queries for that then that would be greatly appreciated.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
xDUCKx
If this is a one time thing then something like Notepad++ can search thru text files for strings and give you the results.  Is this something you want to run on a continuous basis or something you'd like to run once a week?
ASKER CERTIFIED SOLUTION
Amick
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Tsz109
ASKER
Perfect, thank you
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent