Hi,

Under my /var/log/message, the output will be like

Jun 30 09:53:30 server-27 in[28989]: 1246373453|jason@abc.com|djstaffo@yahoo.com|2227|success|1
Jun 30 09:53:31 server-27 in[28989]: 1246373453|jason@abc.com|djstuder@yahoo.com|2227|success|1
Jun 30 09:53:33 server-27 in[28989]: 1246373453|jason@abc.com|djsussma@oakland.edu.uk|2227|success|1
Jun 30 09:53:34 server-27 in[28989]: 1246373453|jason@abc.com|djt1000@aol.com|2227|success|1
Jun 30 09:53:35 server-27 in[28989]: 1246373453|jason@abc.com|djtc7109@aol.com|2227|success|1
Jun 30 09:53:36 server-27 in[28989]: 1246373453|jason@abc.com|djuba9@aol.com|2227|success|1

So, what I am doing is,by using the command, (less /var/log/messages |awk '{print +$6}'| sort | uniq -c | sort -nr), it will give me the ouput as

506 1246373453
404 1246373467
303 1246383457
303 1246382268
300 1246379705

Where:
1246373453 -> 1246373453|jason@abc.com|djstaffo@yahoo.com|2227|success|1

So, the picture of my outcome should be like the output should be redirected to the file and that file should verify the count , if the count exceeds more than of 100, it should send me an email. I am trying this via shell script.

for i in $ ( /var/log/messages | awk '{print $1, $2, +$6}' | sort | uniq -c | sort -nr >> /root/mailalert)
if [ $i -ge 100 ]; then
echo "mail6 alert" | mail -s "WARNING:: SPAM MAIL ALERT" "alerts@internet.com" 2> /dev/null
fi

no luck.

Hello gsiva

A powerful debugging technique is to break up the code into simpler blocks and see if each block is doing what you think it is doing.

Using this technique, what is the output from If that's doing what you wanted it to do, what is the output from What value(s) will that give to $i? If none then the loop will not be executed. It looks like you're expecting a single number -- so why use a loop?

You may find the wc command useful.

Best

Charles