#! /bin/bash

# $Id: summarise-watchmaillog.sh,v 1.4 2004/12/02 00:39:13 root Exp $
#
# display IP address and longest time blocked for each
# IP address blocked by watch-maillog.pl
#
# (C) Copyright Craig Sanders <cas@taz.net.au>, 2004
#
# this script is licensed under the terms of the GNU General Public 
# License (GPL)
#
# the latest version can always be found at http://taz.net.au/postfix/scripts

# Usage: summarize-watchmaillog.sh [-x]
#
# -x tells it to sort by times seen, rather than seconds blocked.

FINAL_SORT_ARGS="-n -k 3"

if [ "$1" == "-x" ] ; then
  shift
  FINAL_SORT_ARGS="-k 2"
fi

LOGFILES="$@"

[ -z "$LOGFILES" ] && LOGFILES="/var/log/mail.log" 

zgrep -hi "watch-maillog.* blocked" $LOGFILES | \
	awk '{print $7 " x" $13 " " $9}' | \
	sort -n -r | \
	uniq -W 1 | \
	sort $FINAL_SORT_ARGS