Matthew Newton mcnewton
mcnewton
/ logstash-config-exim
Last active
September 1, 2021 19:41
— forked from greem/logstash-config-exim
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| path => "/path/to/exim/mainlog" | |
| start_position => 'beginning' | |
| sincedb_path => "/dev/null" | |
| } | |
| # udp { | |
| # port => 5000 | |
| # type => syslog | |
| # } |
mcnewton
/ logstash-patterns-exim
Last active
September 1, 2021 19:41
— forked from greem/logstash-patterns-exim
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| EXIM_MSGID [0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2} | |
| EXIM_FLAGS (<=|[-=>*]>|[*]{2}|==) | |
| EXIM_DATE %{YEAR:exim_year}-%{MONTHNUM:exim_month}-%{MONTHDAY:exim_day} %{TIME:exim_time} | |
| EXIM_PID \[%{POSINT}\] | |
| EXIM_QT ((\d+y)?(\d+w)?(\d+d)?(\d+h)?(\d+m)?(\d+s)?) | |
| EXIM_EXCLUDE_TERMS (Message is frozen|(Start|End) queue run| Warning: | retry time not reached | no (IP address|host name) found for (IP address|host) | unexpected disconnection while reading SMTP command | no immediate delivery: |another process is handling this message) | |
| EXIM_REMOTE_HOST (H=(%{NOTSPACE:remote_hostname} )?(\(%{NOTSPACE:remote_heloname}\) )?\[%{IP:remote_host}\](:%{NUMBER:remote_port})?) | |
| EXIM_INTERFACE (I=\[%{IP:exim_interface}\](:%{NUMBER:exim_interface_port})?) | |
| EXIM_PROTOCOL (P=%{NOTSPACE:protocol}) | |
| EXIM_MSG_SIZE (S=%{NUMBER:exim_msg_size}) |