Wednesday, November 20, 2013

Google's tool for analyzing email headers

I periodically have the need to dig through email headers to figure out when the email originated.  Email headers aren't rocket science (essentially a LIFO stack), but they make my eyes wiggle.  Today, I stumbled across Google's tool for deciphering these logs...and it's pretty cool.

https://toolbox.googleapps.com/apps/messageheader/analyzeheader

This tool takes a header like this:
Delivered-To: f00bar@gmail.com
Received: by 10.182.148.167 with SMTP id tt7csp107427obb;
        Wed, 20 Nov 2013 14:09:06 -0800 (PST)
X-Received: by 10.15.81.129 with SMTP id x1mr49625eey.55.1384985344849;
        Wed, 20 Nov 2013 14:09:04 -0800 (PST)
Return-Path: <noreply@malwr.com>
Received: from malwr.com ([46.244.22.3])
        by mx.google.com with ESMTP id w6si12230921eeg.336.2013.11.20.14.09.04
        for <f00bar@gmail.com>;
        Wed, 20 Nov 2013 14:09:04 -0800 (PST)
Received-SPF: neutral (google.com: 46.244.22.3 is neither permitted nor denied by best guess record for domain of noreply@malwr.com) client-ip=46.244.22.3;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 46.244.22.3 is neither permitted nor denied by best guess record for domain of noreply@malwr.com) smtp.mail=noreply@malwr.com
Received: from cuckoo.shadowserver.org (localhost [127.0.0.1])
by malwr.com (Postfix) with ESMTP id EC56417818CD
for <f00bar@gmail.com>; Wed, 20 Nov 2013 14:09:02 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Malwr - Analysis completed!
From: noreply@malwr.com
To: f00bar@gmail.com
Date: Wed, 20 Nov 2013 22:09:02 -0000
Message-ID: <20131120220902.24101.27746@cuckoo.shadowserver.org>


And makes it easier to look at, like this:

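The tool's rendering of that header is an image in the original post. What it does with the Received: lines can be reproduced in a few lines of Python; this is an added example, not Google's code. It embeds a constructed copy of the Received: lines from the header above (values unchanged, continuation lines indented so the stdlib parser unfolds them), walks them bottom-up so they come out in chronological order, and reports the delay each relay added.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed copy of the Received: lines from the header shown above, values
# unchanged; continuation lines are indented as RFC 5322 requires so the
# stdlib parser unfolds them.
RAW_HEADER = """\
Received: by 10.182.148.167 with SMTP id tt7csp107427obb;
        Wed, 20 Nov 2013 14:09:06 -0800 (PST)
Return-Path: <noreply@malwr.com>
Received: from malwr.com ([46.244.22.3])
        by mx.google.com with ESMTP id w6si12230921eeg.336.2013.11.20.14.09.04
        for <f00bar@gmail.com>;
        Wed, 20 Nov 2013 14:09:04 -0800 (PST)
Received: from cuckoo.shadowserver.org (localhost [127.0.0.1])
        by malwr.com (Postfix) with ESMTP id EC56417818CD
        for <f00bar@gmail.com>; Wed, 20 Nov 2013 14:09:02 -0800 (PST)
Message-ID: <20131120220902.24101.27746@cuckoo.shadowserver.org>

"""

def _token(name, clause):
    # The host named after 'from' or 'by' in one Received clause.
    m = re.search(r'\b%s\s+(\S+)' % name, clause)
    return m.group(1) if m else None

def hops(raw):
    # Received headers are a stack: each MTA prepends its own line, so the
    # bottom line is the first hop.  Walk them bottom-up to get chronological
    # order and the delay each relay added.
    msg = message_from_string(raw)
    result, prev = [], None
    for line in reversed(msg.get_all('Received', [])):
        clause, _, stamp = line.rpartition(';')   # the date follows the last ';'
        when = parsedate_to_datetime(stamp.strip())
        result.append({'from': _token('from', clause), 'by': _token('by', clause),
                       'time': when,
                       'delay_s': int((when - prev).total_seconds()) if prev else 0})
        prev = when
    return result

if __name__ == '__main__':
    # Only the last hop (the top line) was written by a server you control;
    # every line below it arrived with the message and could have been forged.
    for n, h in enumerate(hops(RAW_HEADER), 1):
        print('%d  %-26s -> %-16s %s  +%ds' % (n, h['from'] or '(origin)', h['by'],
                                                h['time'].isoformat(), h['delay_s']))
```

For this header the three hops come out as cuckoo.shadowserver.org to malwr.com, malwr.com to mx.google.com, and the final Gmail-internal hop, two seconds apart each.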

Thursday, November 14, 2013

Making Sure Logs Don't Get Out of Control


Sometimes, you need a little script to make sure your logs aren't getting too crazy. Enjoy!

#! /bin/bash

###################################################################
#
# Author: Matthew Myrick
# Date Created: 20120330
# Date Modified: 20120330
# Purpose: This script is used to remove old data when the
#       disk is over 97% full
#
# Dependencies: CRON
#
####################################################################

#CHECK TO SEE DISK USE PERCENTAGE (-P keeps df output on one line even for long device names)
perc="$(df -P /Promise | tail --lines 1 | awk '{print $5}' | cut -d '%' -f 1)"

#COMPARE VALUE TO OUR LIMIT
if [ "$perc" -gt "97" ]; then
 #PICK THE OLDEST TOP-LEVEL DIRECTORY (-mindepth 1 so /Promise itself is never a candidate;
 #cut -f 2- keeps the whole path when a directory name contains spaces)
 oldest="$(/usr/bin/find /Promise -mindepth 1 -maxdepth 1 -type d -printf "%T@ %p\n" | sort -n -k 1,1 | head -1 | cut -d ' ' -f 2-)"
 #ONLY REMOVE IF A DIRECTORY WAS FOUND (never run rm -rf with an empty argument)
 if [ -n "$oldest" ]; then
  rm -rf -- "$oldest"
 fi
fi