Cisco Support Community
Community Member

One-liner script for displaying BLACKLIST sendergroup ip/sbr

MFC (or possibly M-series) does not log BLACKLISTed SG connection information.

This makes sense, because 95% of connections belong to BLACKLIST. :cry:

To verify whether we are setting too strict an SBRS score for the BLACKLIST SG, I have a script:

For one mail.log file

tac mail.current | \
awk '/REJECT SG BLACKLIST match/ { a = $NF; getline; printf "%s ",$0; print a } ' | \
grep 'verified yes' | awk '{ print $15,$19,$NF }'|sort |uniq -c|sort -n

To process multiple mail.@*.s files

tac `ls -1t mail.*s|head -3` | \
awk '/REJECT SG BLACKLIST match/ { a = $NF; getline; printf "%s ",$0; print a } ' | \
grep 'verified yes' | awk '{ print $15,$19,$NF }'|sort |uniq -c|sort -n


Example output
834 122.218.211.93 122x218x211x93.ap122.ftth.ucom.ne.jp -10.01
892 77.45.131.75 75.131.c10008-a77.dsl-dynamic.vsi.ru -10.01
920 70.56.148.214 70-56-148-214.bois.qwest.net -4.91
923 200.158.73.159 200-158-73-159.dsl.telesp.net.br -10.01
963 93.124.99.106 host-93-124-99-106.dsl.sura.ru -10.01
982 85.136.139.99 85.136.139.99.dyn.user.ono.com -7.31
983 82.255.81.30 lns-bzn-42-82-255-81-30.adsl.proxad.net -4.21
984 200.120.226.165 pc-165-226-120-200.cm.vtr.net -10.01
997 68.90.116.121 adsl-68-90-116-121.dsl.rcsntx.swbell.net -10.01
1031 80.7.70.213 cpc2-pool4-0-0-cust724.sotn.cable.ntl.com -10.01
1060 189.19.211.97 189-19-211-97.dsl.telesp.net.br -10.01
1127 210.202.82.21 nk210-202-82-21.vdslpro.static.apol.com.tw -7.81
1174 65.25.105.170 cpe-65-25-105-170.neo.res.rr.com -7.31
1253 82.41.145.16 82-41-145-16.cable.ubr04.grth.blueyonder.co.uk -10.01
1301 61.227.71.96 61-227-71-96.dynamic.hinet.net -4.51
1415 79.86.157.30 30.157.86-79.rev.gaoland.net -10.01
1450 189.58.225.74 189.58.225.74.dynamic.adsl.gvt.net.br -10.01
1646 91.67.109.82 91-67-109-82-dynip.superkabel.de -10.01
1843 77.192.81.76 76.81.192-77.rev.gaoland.net -10.01
1994 89.78.204.79 chello089078204079.chello.pl -10.01
2164 86.21.9.87 cpc2-stap6-0-0-cust342.nott.cable.ntl.com -10.01
2298 118.8.196.173 p1173-ipbf1408souka.saitama.ocn.ne.jp -4.01


(Btw, we set BLACKLIST SBRS <= -3.5)

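An added example, not part of the original post: the same per-sender count, but joining each BLACKLIST reject to its connection line by ICID rather than by line adjacency, so overlapping connections in the log are still paired correctly. The log layout is assumed from the field positions the post's awk uses, the sample lines are constructed, and `blacklist_by_icid` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the poster's script. Log layout is assumed from the
# field positions used in the post; the sample lines below are constructed.

# Print "count ip host sbrs" for BLACKLIST rejects, joined by ICID.
# Reads the named log files, or stdin when none are given.
blacklist_by_icid() {
    awk '
    # Return the field that follows the given keyword on the current line.
    function after(word,   i) {
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    # Connection opened with verified reverse DNS: remember IP and host.
    /New SMTP ICID/ && $NF == "yes" {
        id = after("ICID"); ip[id] = after("address"); host[id] = after("host")
        next
    }
    # BLACKLIST reject: the last field is the SBRS score of that connection.
    /REJECT SG BLACKLIST match/ {
        id = after("ICID")
        if (id in ip) {
            n[ip[id] " " host[id] " " $NF]++
            delete ip[id]; delete host[id]
        }
    }
    END { for (k in n) print n[k], k }
    ' "$@" | sort -n
}

# Constructed sample: ICIDs 101 and 102 overlap, 103 is accepted.
sample_log() {
    cat <<'EOF'
Mon Mar  3 10:00:01 2008 Info: New SMTP ICID 101 interface Data1 (10.0.0.5) address 192.0.2.10 reverse dns host dyn10.example.net verified yes
Mon Mar  3 10:00:01 2008 Info: New SMTP ICID 102 interface Data1 (10.0.0.5) address 198.51.100.7 reverse dns host dsl7.example.org verified yes
Mon Mar  3 10:00:02 2008 Info: ICID 102 REJECT SG BLACKLIST match sbrs[-10.0:-3.5] SBRS -4.1
Mon Mar  3 10:00:02 2008 Info: ICID 101 REJECT SG BLACKLIST match sbrs[-10.0:-3.5] SBRS -10.0
Mon Mar  3 10:00:03 2008 Info: New SMTP ICID 103 interface Data1 (10.0.0.5) address 203.0.113.5 reverse dns host mail.example.com verified yes
Mon Mar  3 10:00:03 2008 Info: ICID 103 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 2.5
Mon Mar  3 10:00:04 2008 Info: New SMTP ICID 104 interface Data1 (10.0.0.5) address 192.0.2.10 reverse dns host dyn10.example.net verified yes
Mon Mar  3 10:00:05 2008 Info: ICID 104 REJECT SG BLACKLIST match sbrs[-10.0:-3.5] SBRS -10.0
EOF
}

sample_log | blacklist_by_icid
```

Senders whose score sits close to the configured cutoff (SBRS <= -3.5 in the post) are the rows worth reviewing when deciding whether the threshold is too strict.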