
@jbrownsc
Last active December 12, 2015 01:49
Postfix Logstash Patterns and Config - First round Based on https://gist.github.com/4385673
# Input stage: read events from standard input and label them with type "file".
# NOTE(review): this input sets no tags, while the first grok filter in the
# filter section only handles events tagged "syslog" — confirm that events
# arrive already tagged, otherwise nothing downstream will parse them.
input {
stdin { type => "file" }
# Disabled alternative: pull events from a Redis list on localhost.
# The key and type names suggest a Beaver shipper feeds the list — confirm.
# NOTE(review): no password is set in this stanza. If it is enabled against a
# Redis instance that other hosts can reach, turn on Redis authentication and
# set the input's password option, since anything able to push to the list can
# inject events into the pipeline.
#redis {
# data_type => 'list'
# host => 'localhost'
# key => 'logstash:beaver'
# type => 'redis-input-beaver'
#}
}
# Filter stage: parse the syslog envelope first, then apply Postfix-specific
# grok patterns chosen by a tag derived from the syslog program name.
# The POSTFIX* patterns are not defined in this file and no patterns_dir is set
# here, so they must already be available in grok's pattern directory.
filter {
# Step 1: handle only events tagged "syslog" and split off the standard syslog
# header. The captured program name is added as a tag, which is what routes the
# event to one of the Postfix groks below.
# NOTE(review): the tag value comes from the log line itself, so whoever can
# write to the log source decides which parser runs; keep that in mind if the
# tags are later used for alerting or access decisions.
grok {
tags => [ "syslog" ]
pattern => [ "%{SYSLOGBASE}" ]
add_tag => "%{program}"
}
# Step 2a: Postfix smtpd (inbound SMTP server) lines.
# NOTE(review): POSTFIXSMTPDLOGIN presumably captures authenticated login
# names — verify against the pattern file and treat the resulting fields as
# sensitive if so.
grok {
tags => [ "postfix/smtpd" ]
pattern => [ "%{POSTFIXSMTPDCONNECTS}",
"%{POSTFIXSMTPDACTIONS}",
"%{POSTFIXSMTPDTIMEOUTS}",
"%{POSTFIXSMTPDLOGIN}",
# Catch-all: "." matches any non-empty line, so a line that none of the named
# patterns recognise still counts as a match and is not marked
# _grokparsefailure. NOTE(review): this hides parsing gaps; unrecognised smtpd
# lines pass through with no extracted fields and no failure tag to alert on.
"." ]
# Keep only named captures as event fields.
named_captures_only => true
}
# Step 2b: Postfix smtp (outbound delivery client) lines.
grok {
tags => [ "postfix/smtp" ]
pattern => [ "%{POSTFIXSMTPRELAY}",
"%{POSTFIXSMTPCONNECT}",
"%{POSTFIXSMTP5XX}",
"%{POSTFIXSMTPREFUSAL}",
"%{POSTFIXSMTPLOSTCONNECTION}",
"%{POSTFIXSMTPTIMEOUT}",
# Same catch-all as in the smtpd block: suppresses the parse-failure tag for
# lines no named pattern matches.
"." ]
named_captures_only => true
}
# Steps 2c-2f: single-pattern groks for the remaining Postfix daemons. These
# have no catch-all, so a non-matching line is reported as a grok failure.
grok {
tags => [ "postfix/bounce" ]
pattern => "%{POSTFIXBOUNCE}"
named_captures_only => true
}
grok {
tags => [ "postfix/qmgr" ]
pattern => "%{POSTFIXQMGR}"
named_captures_only => true
}
grok {
tags => [ "postfix/anvil" ]
pattern => "%{POSTFIXANVIL}"
named_captures_only => true
}
grok {
tags => [ "postfix/cleanup" ]
pattern => "%{POSTFIXCLEANUP}"
named_captures_only => true
}
}
# Output stage: print every event to standard output in debug form, which is
# useful for checking what the grok patterns extracted.
# NOTE(review): the debug dump includes the full event and all parsed fields
# (addresses, hostnames and any login names the patterns capture), so whatever
# collects this process's stdout should be access-controlled; replace this
# output before using the config outside of pattern testing.
output {
stdout { debug => true }
}