mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-07-30 23:54:46 +02:00
* add support to forward logs to ELK stack. * from docker elk customize image with * https://github.com/whyscream/postfix-grok-patterns * custom input * override syslog filter. * fix typo. * Explicit forwarder vars and messages. * add amavis grok * add dovecot grok * add geoip db * add logstash geoip plugin * add custom amavis grok from @tomav. * switch to filebeats input * refactor syslog filter * add filebeat * add template config * replace rsyslog with filebeat.
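# Matches `Message-ID: <...>`; the text between the angle brackets is captured lazily (DATA)
# into the field amavis_message-id.
# The pattern name has to be AMAVIS_MESSAGEID: AMAVIS_KV references %{AMAVIS_MESSAGEID}, and a
# reference to an undefined pattern name makes grok fail when it compiles the expression.
# NOTE(review): the hyphen in the field name is the only one in this file (every other field uses
# underscores) - confirm the grok implementation in use accepts it.
AMAVIS_MESSAGEID Message-ID: <%{DATA:amavis_message-id}>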
# Matches `size: N` and captures N (a positive integer, POSINT) as amavis_size.
AMAVIS_SIZE size: %{POSINT:amavis_size}
# Matches `Tests: [...]`; the text between the literal square brackets is captured lazily as
# amavis_tests, so the capture ends at the first `]` that lets the enclosing pattern continue.
AMAVIS_TESTS Tests: \[%{DATA:amavis_tests}\]
# Matches `From: ...` and captures the value as amavis_header_from.
# DATA is lazy and nothing follows it here, so the capture extends only as far as the enclosing
# pattern forces it; inside AMAVIS_KV that is the next ", " separator.
# NOTE(review): presumably this is the message's From header, i.e. sender-supplied text - a value
# that itself contains ", " would be cut short at that point. Confirm against real amavis output.
AMAVIS_FROM From: %{DATA:amavis_header_from}
# Matches `Hits: N` and captures N (NUMBER: optional sign, optional decimal part) as amavis_hits.
AMAVIS_HITS Hits: %{NUMBER:amavis_hits}
# Matches `quarantine: X` and captures X, a run of non-whitespace characters, as amavis_quarantine.
# NOTSPACE is greedy, so a comma directly after the value is included unless the enclosing
# pattern forces backtracking (AMAVIS_KV does, via its ", " separator).
AMAVIS_QUARANTINE quarantine: %{NOTSPACE:amavis_quarantine}
# Matches `Subject: "..."`; the text between the double quotes is captured lazily as
# amavis_subject, ending at the first `"` that lets the enclosing pattern continue.
# NOTE(review): the subject is presumably written by the message sender. If amavis logs it without
# escaping, a subject containing `", ` ends the capture early and the remainder is parsed as
# further key/value items - confirm, and avoid alerting solely on fields parsed after it.
AMAVIS_SUBJECT Subject: "%{DATA:amavis_subject}"
# Comma-separated key/value list: zero or more items, each followed by ", ". An item is one of
# the named AMAVIS_* patterns or, failing those, arbitrary text (the unnamed %{DATA} fallback,
# which has no field name attached).
# NOTE(review): a lazy catch-all inside a repeated group gives the regex engine many ways to split
# a long line that ultimately does not match. Keep the grok filter's timeout_millis in effect so a
# single oversized or malformed log line cannot stall the pipeline.
AMAVIS_KV ((%{AMAVIS_MESSAGEID}|%{AMAVIS_SIZE}|%{AMAVIS_TESTS}|%{AMAVIS_FROM}|%{AMAVIS_HITS}|%{AMAVIS_QUARANTINE}|%{AMAVIS_SUBJECT}|%{DATA}), )*
# Full amavis result line. Layout, with optional parts in [brackets]:
#   (amavis_id) amavis_action amavis_status {amavis_relaytype},[ amavis_policybank]
#   [remote_ip]:remote_port [amavis_ip] <from> -> <to>[, quarantine: quarantine_id],
#   Queue-ID: queue_id[, Message-ID: <message_id>][, mail_id: mail_id], Hits: amavis_hits,
#   size: amavis_size[, queued_as: amavis_queue_id][, dkim_sd=amavis_dkim], amavis_duration ms
# This pattern spells out the whole line itself and does not use AMAVIS_KV or the other AMAVIS_*
# sub-patterns. Some of its field names differ from theirs (message_id and quarantine_id here,
# amavis_message-id and amavis_quarantine there); amavis_hits and amavis_size are shared.
# The expression carries no ^ or $ anchors, and most fields are lazy DATA delimited only by the
# literal text that follows them.
# NOTE(review): from, to and message_id are presumably values supplied by the remote sender, so
# treat them as untrusted in dashboards and alert rules - confirm how amavis escapes them.
# NOTE(review): Hits requires a NUMBER; a line that logs a non-numeric placeholder there would not
# match at all - verify against real amavis output.
AMAVIS \(%{DATA:amavis_id}\) %{DATA:amavis_action} %{DATA:amavis_status} {%{DATA:amavis_relaytype}},( %{GREEDYDATA:amavis_policybank})? \[%{IP:remote_ip}\]:%{POSINT:remote_port} \[%{IP:amavis_ip}\] <%{DATA:from}> -> <%{DATA:to}>(, quarantine: %{DATA:quarantine_id})?, Queue-ID: %{DATA:queue_id}(, Message-ID: <%{DATA:message_id}>)?(, mail_id: %{DATA:mail_id})?, Hits: %{NUMBER:amavis_hits}, size: %{POSINT:amavis_size}(, queued_as: %{DATA:amavis_queue_id})?(, dkim_sd=%{DATA:amavis_dkim})?, %{NUMBER:amavis_duration} ms