greem · February 24, 2021 16:25
diff --git a/exim-logstash-elasticsearch-mapping b/exim-logstash-elasticsearch-mapping
 #!/bin/bash

 curl -XPUT 'http://localhost:9200/_template/exim' -d '{
  "order" : 0,
  "template" : "exim*",
  "settings" : {
    "index.refresh_interval" : "5s"
  },
  "mappings" : {
    "deferred" : {
      "properties" : {
        "exim_msg_state" : {
          "type" : "string"
        },
        "logsource" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_msg_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_year" : {
          "type" : "string"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "@version" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "exim_flags" : {
          "type" : "string"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "program" : {
          "type" : "string"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        }
      }
    },
    "failed" : {
      "properties" : {
        "exim_msg_state" : {
          "type" : "string"
        },
        "logsource" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_msg_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_year" : {
          "type" : "string"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "@version" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "exim_flags" : {
          "type" : "string"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "program" : {
          "type" : "string"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        }
      }
    },
    "received" : {
      "properties" : {
        "logsource" : {
          "type" : "string"
        },
        "exim_interface_port" : {
          "type" : "string"
        },
        "exim_subject" : {
          "type" : "string"
        },
        "@version" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "remote_host" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "env_sender" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "remote_hostname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        },
        "exim_msg_size" : {
          "type" : "integer"
        },
        "exim_msg_state" : {
          "type" : "string"
        },
        "protocol" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_msg_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_year" : {
          "type" : "string"
        },
        "tls_info" : {
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "exim_interface" : {
          "type" : "string"
        },
        "exim_flags" : {
          "type" : "string"
        },
        "remote_heloname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "program" : {
          "type" : "string"
        },
        "exim_header_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        }
      }
    },
    "rejected_smtp_transaction" : {
      "properties" : {
        "exim_msg_state" : {
          "type" : "string"
        },
        "exim_rej_reason" : {
          "type" : "string"
        },
        "logsource" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_year" : {
          "type" : "string"
        },
        "env_rcpt" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "@version" : {
          "type" : "string"
        },
        "remote_host" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "remote_heloname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "program" : {
          "type" : "string"
        },
        "remote_hostname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        }
      }
    },
    "rejected_after_data" : {
      "properties" : {
        "exim_msg_state" : {
          "type" : "string"
        },
        "exim_rej_reason" : {
          "type" : "string"
        },
        "logsource" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_msg_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_year" : {
          "type" : "string"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "@version" : {
          "type" : "string"
        },
        "remote_host" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "remote_heloname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "program" : {
          "type" : "string"
        },
        "remote_hostname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        }
      }
    },
    "delivered" : {
      "properties" : {
        "logsource" : {
          "type" : "string"
        },
        "env_sender" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "env_rcpt" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "env_rcpt_outer" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "@version" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "remote_host" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "remote_hostname" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        },
        "exim_transport" : {
          "type" : "string"
        },
        "exim_msg_state" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_msg_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_year" : {
          "type" : "string"
        },
        "tls_info" : {
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "exim_router" : {
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "exim_qt" : {
          "type" : "string"
        },
        "exim_flags" : {
          "type" : "string"
        },
        "program" : {
          "type" : "string"
        }
      }
    },
    "completed" : {
      "properties" : {
        "exim_msg_state" : {
          "type" : "string"
        },
        "logsource" : {
          "type" : "string"
        },
        "host" : {
          "type" : "string"
        },
        "exim_msg_id" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "exim_year" : {
          "type" : "string"
        },
        "exim_date" : {
          "format" : "dateOptionalTime",
          "type" : "string"
        },
        "exim_month" : {
          "type" : "string"
        },
        "pid" : {
          "type" : "string"
        },
        "host_type" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "@version" : {
          "type" : "string"
        },
        "timestamp" : {
          "type" : "string"
        },
        "message" : {
          "type" : "string"
        },
        "@timestamp" : {
          "format" : "dateOptionalTime",
          "type" : "date"
        },
        "exim_qt" : {
          "type" : "string"
        },
        "exim_pid" : {
          "type" : "string"
        },
        "program" : {
          "type" : "string"
        },
        "path" : {
          "type" : "string"
        },
        "exim_day" : {
          "type" : "string"
        },
        "exim_time" : {
          "type" : "string"
        },
        "searchresults" : {
          "type" : "string"
        }
      }
    }
  },
  "aliases" : { }
 }'
	#!/bin/bash

	curl -XPUT 'http://localhost:9200/_template/exim' -d '{
	"order" : 0,
	"template" : "exim*",
	"settings" : {
	"index.refresh_interval" : "5s"
	},
	"mappings" : {
	"deferred" : {
	"properties" : {
	"exim_msg_state" : {
	"type" : "string"
	},
	"logsource" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_msg_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_year" : {
	"type" : "string"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"@version" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"exim_flags" : {
	"type" : "string"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"program" : {
	"type" : "string"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	}
	}
	},
	"failed" : {
	"properties" : {
	"exim_msg_state" : {
	"type" : "string"
	},
	"logsource" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_msg_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_year" : {
	"type" : "string"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"@version" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"exim_flags" : {
	"type" : "string"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"program" : {
	"type" : "string"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	}
	}
	},
	"received" : {
	"properties" : {
	"logsource" : {
	"type" : "string"
	},
	"exim_interface_port" : {
	"type" : "string"
	},
	"exim_subject" : {
	"type" : "string"
	},
	"@version" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"remote_host" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"env_sender" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"remote_hostname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	},
	"exim_msg_size" : {
	"type" : "integer"
	},
	"exim_msg_state" : {
	"type" : "string"
	},
	"protocol" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_msg_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_year" : {
	"type" : "string"
	},
	"tls_info" : {
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"exim_interface" : {
	"type" : "string"
	},
	"exim_flags" : {
	"type" : "string"
	},
	"remote_heloname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"program" : {
	"type" : "string"
	},
	"exim_header_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	}
	}
	},
	"rejected_smtp_transaction" : {
	"properties" : {
	"exim_msg_state" : {
	"type" : "string"
	},
	"exim_rej_reason" : {
	"type" : "string"
	},
	"logsource" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_year" : {
	"type" : "string"
	},
	"env_rcpt" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"@version" : {
	"type" : "string"
	},
	"remote_host" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"remote_heloname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"program" : {
	"type" : "string"
	},
	"remote_hostname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	}
	}
	},
	"rejected_after_data" : {
	"properties" : {
	"exim_msg_state" : {
	"type" : "string"
	},
	"exim_rej_reason" : {
	"type" : "string"
	},
	"logsource" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_msg_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_year" : {
	"type" : "string"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"@version" : {
	"type" : "string"
	},
	"remote_host" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"remote_heloname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"program" : {
	"type" : "string"
	},
	"remote_hostname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	}
	}
	},
	"delivered" : {
	"properties" : {
	"logsource" : {
	"type" : "string"
	},
	"env_sender" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"env_rcpt" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"env_rcpt_outer" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"@version" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"remote_host" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"remote_hostname" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	},
	"exim_transport" : {
	"type" : "string"
	},
	"exim_msg_state" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_msg_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_year" : {
	"type" : "string"
	},
	"tls_info" : {
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"exim_router" : {
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"exim_qt" : {
	"type" : "string"
	},
	"exim_flags" : {
	"type" : "string"
	},
	"program" : {
	"type" : "string"
	}
	}
	},
	"completed" : {
	"properties" : {
	"exim_msg_state" : {
	"type" : "string"
	},
	"logsource" : {
	"type" : "string"
	},
	"host" : {
	"type" : "string"
	},
	"exim_msg_id" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"exim_year" : {
	"type" : "string"
	},
	"exim_date" : {
	"format" : "dateOptionalTime",
	"type" : "string"
	},
	"exim_month" : {
	"type" : "string"
	},
	"pid" : {
	"type" : "string"
	},
	"host_type" : {
	"type" : "string",
	"index" : "not_analyzed"
	},
	"@version" : {
	"type" : "string"
	},
	"timestamp" : {
	"type" : "string"
	},
	"message" : {
	"type" : "string"
	},
	"@timestamp" : {
	"format" : "dateOptionalTime",
	"type" : "date"
	},
	"exim_qt" : {
	"type" : "string"
	},
	"exim_pid" : {
	"type" : "string"
	},
	"program" : {
	"type" : "string"
	},
	"path" : {
	"type" : "string"
	},
	"exim_day" : {
	"type" : "string"
	},
	"exim_time" : {
	"type" : "string"
	},
	"searchresults" : {
	"type" : "string"
	}
	}
	}
	},
	"aliases" : { }
	}'