Parse dovecot 2.2 logs with logstash
Robert Schetterer
rs at sys4.de
Thu Jun 12 13:22:20 UTC 2014
Am 12.06.2014 13:51, schrieb Bruno Galindro da Costa:
> Jarkko, many, many and many thanks! This will save a LOT of work...
>
>
>
> 2014-06-11 4:52 GMT-03:00 Jarkko Mourujärvi <jarkko.mourujarvi at dovecot.fi>:
>
>> On 10 Jun 2014, at 20:31, Bruno Galindro da Costa <
>> bruno.galindro at gmail.com> wrote:
>>
>>> Guys,
>>>
>>> I need to parse my dovecot log files with logstash grok patterns. Is
>>> there any document specifying the patterns used by dovecot to write it's
>>> logs?
>>>
>>> I need to find all the log possibilities that could be writed to log
>>> files by dovecot. So, if a document like that exists or if anyone could
>>> answer my question, I'll could make the parser with less difficult.
>>
>> kv filter in logstash is very useful with dovecot, below is short snippet
>> that will extract key=value pairs specified in “include_keys” from log line.
>>
>> Additionally you might want to set mail_log_prefix to be something like
>> “service=%s, user=%s, ” to make it easier to parse.
>>
>> filter {
>> if [syslog_program] == "dovecot" {
>> kv {
>> source => "syslog_message"
>> trim => ","
>> include_keys => [ "box", "from", "in", "lip", "method", "mpid",
>> "msgid", "out", "rip", "session", "size", "user" ]
>> }
>> }
>> }
>>
>
>
>
should go into wiki, too
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the dovecot
mailing list