Last active
April 24, 2025 10:07
-
-
Save sawanoboly/0b6cb84f8eb25bc108ba to your computer and use it in GitHub Desktop.
postfix log status line regexp for fluentd(ruby)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <source> | |
| type tail | |
| # format /(?<time>[\w]+\s+[\d]+\s[\d:]+)\s+(?<host>[\w]+)\s+(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s(?<queue_id>[\w]{11}):\s(?<data>.+)/ | |
| format /(?<time>[\w]+\s+[\d]+\s[\d:]+)\s+(?<data>.+)/ | |
| time_format %b %d %H:%M:%S | |
| path /var/log/mail.log | |
| pos_file /opt/fluentd/tmp/mail.log.pos2 | |
| tag raw.postfix.result | |
| </source> | |
| <match raw.postfix.result> | |
| type copy | |
| <store> | |
| type parser | |
| remove_prefix raw | |
| format /(?<host>[\w]+)\s+(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s(?<queue_id>[\w]{11}):\sfrom=(?<from_address>[^,]+),\ssize=(?<size>[^,]+),\snrcpt=(?<nrcpt>[\w]+)\s\((?<message>(.*))\)/ | |
| key_name data | |
| </store> | |
| <store> | |
| type parser | |
| remove_prefix raw | |
| format /(?<host>[\w]+)\s+(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s(?<queue_id>[\w]{11}):\sto=(?<to_address>[^,]+),\srelay=(?<relay>[^,]+),\sdelay=(?<delay>[^,]+),\sdelays=(?<delays>[^,]+),\sdsn=(?<dns>[^,]+),\sstatus=(?<status>[\w]+)\s\((?<message>(.*))\)/ | |
| key_name data | |
| </store> | |
| </match> | |
| <match **.**> | |
| type stdout | |
| </match> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| format /(?<time>[\w]+\s+[\d]+\s[\d:]+)\s+(?<host>[\w]+)\s+(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s(?<queue_id>[\w]{11}):\s(?<data>.+)/ | |
| format /(?<time>[\w]+\s+[\d]+\s[\d:]+)\s+(?<host>[\w]+)\s+(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s(?<queue_id>[\w]{11}):\sfrom=(?<from_address>[^,]+),\ssize=(?<size>[^,]+),\snrcpt=(?<nrcpt>[\w]+)\s\((?<message>(.*))\)/ | |
| format /(?<time>[\w]+\s+[\d]+\s[\d:]+)\s+(?<host>[\w]+)\s+(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s(?<queue_id>[\w]{11}):\sto=(?<to_address>[^,]+),\srelay=(?<relay>[^,]+),\sdelay=(?<delay>[^,]+),\sdelays=(?<delays>[^,]+),\sdsn=(?<dns>[^,]+),\sstatus=(?<status>[\w]+)\s\((?<message>(.*))\)/ | |
| time_format %b %d %H:%M:%S |
ubuntu 14.04 postfix:
to:
(?<host>[\w-]+)\s*(?<process>[\w\/]+)\[(?<pid>[\d]+)\]\:\s*(?<queue_id>[\w]{10}):\s*to=<(?<to_address>[^,]+)>,\s*relay=(?<relay>[^,]+),\s*delay=(?<delay>[^,]+),\s*delays=(?<delays>[^,]+),\s*dsn=(?<dns>[^,]+),\s*status=(?<status>[\w]+)\s*\((?<message>(.*))\)10's chars for queue id and random hostname
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some of my postfix servers queue_id length is 10 and some others has 12. Is there any way to make common regexp to support different queue_id length?
Thanks,
Varma