I am currently trying to extract all the sender domains from maillog. I am able to do some of that with the below command but the output is not quite what I desired. What would be the best approach to retrieve a unique list of sender domains from maillog?
grep from= /var/log/maillog |
awk '{print $7}' |
sort | uniq -c | sort -n
Output:
1 from=<[email protected]>,
1 from=<[email protected]>,
2 from=<[email protected]>,
2 from=<[email protected]>,
12 reject:
666 from=<>,
Desired output:
test.com
app1.com
example.com
See useless use of grep; if you are using Awk anyway, you don't really need grep at all.
awk '$7 ~ /from=.*@/{split($7, a, /@/); ++count[a[2]] }
END { for(dom in count) print count[dom], dom }' /var/log/maillog
Collecting the counts in an associative array does away with the need to call sort and uniq, too. Obviously, if you don't care about the count, don't print count[dom] at the end.