#!/usr/bin/perl
# postfix log analyzer

%month_num = (
    'JAN', 1,
    'FEB', 2,
    'MAR', 3,
    'APL', 4,
    'MAY', 5,
    'JUN', 6,
    'JUL', 7,
    'AUG', 8,
    'SEP', 9,
    'OCT', 10,
    'NOV', 11,
    'DEC', 12 );

while(<>) {
    chop;
    s/\r$//;
    $syslog = $_;
    @col = split(/\s+/, $syslog, 7);
    unless ($col[4] =~ /^postfix/) {next}
    $mon = $month_num{uc($col[0])};
    ($day, $time, $host, $qid) = @col[1,2,3,5];
    $qid =~ s/:$//;
    @stack = split(/\s*,\s*/, @col[6]);
    while (@stack) {
        $word = shift(@stack);
        if ($word =~ s/^client=//) {
            $log_client{$qid} = $word;
        } elsif ($word =~ s/^message-id=//) {
            $log_messageId{$qid} = $word;
        } elsif ($word =~ s/^from=//) {
            $log_from{$qid} = $word;
        } elsif ($word =~ s/^size=//) {
            $log_size{$qid} = $word;
        } elsif ($word =~ s/^to=//) {
            $log_to{$qid} = $word;
        } elsif ($word =~ s/^relay=//) {
            $log_relay{$qid} = $word;
        } elsif ($word =~ s/^status=//) {
            $log_status{$qid} = $word;
        } elsif ($word =~ /^removed$/) {
            printf("%02d/%02d %s %s %s client=%s, from=%s, to=%s, size=%s, message-id=%s, relay=%s, status=%s\n", $mon, $day, $time, $host, $qid, $log_client{$qid}, $log_from{$qid}, $log_to{$qid}, $log_size{$qid}, $log_messageId{$qid}, $log_relay{$qid}, $log_status{$qid});
            delete $log_client{$qid};
            delete $log_from{$qid};
            delete $log_to{$qid};
            delete $log_size{$qid};
            delete $log_messageId{$qid};
            delete $log_relay{$qid};
            delete $log_status{$qid};
        }
    }
}