Logstash pattern (GROK, KV, ...) to parse dovecot logs anyone?

Christian Rohmann crohmann at netcologne.de
Wed Dec 2 00:52:22 UTC 2015


Hello dovecot-users,

I am currently playing with Elastic's ELK stack and was kind of surprised to NOT
yet find a good set of GROK or KV patterns to parse dovecot's lush and
information-rich logs.
The last post regarding this endeavor was in 2014
(http://www.dovecot.org/list/dovecot/2014-June/096589.html), which "only"
extracts the key->value pairs but not other parts of the log lines. 
One finds the occasional attempt here and there on GitHub, like
https://github.com/PCextreme/logstash-grok-patterns/blob/master/mail .
But nothing in comparison to the simply amazingly good patterns there are for
Postfix from whyscream (https://github.com/whyscream/postfix-grok-patterns). He
even added some "I don't understand this yet" rule to learn where the parsing
lags.

I was wondering if anyone here is running logstash and already has a set
of GROK or KV configuration and is willing to share that with the world?
A joint effort might get us to a complete extraction of key->values and all
other interesting fields for dovecot quickly, I hope.


Regards

Christian
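
An added example, not part of the original post: a Python sketch of the parsing logic the message asks for, splitting a dovecot login line into service, event and key=value fields, with a catch-all tag for unmatched lines in the spirit of the "I don't understand this yet" rule mentioned above. The sample lines, the `_dovecot_unparsed` tag and all function names are constructed assumptions; real dovecot wording varies by version and settings.

```python
import re

# Constructed sample lines, modelled on typical dovecot login-process output
# (assumption: exact wording varies by dovecot version and log settings).
SAMPLE_LINES = [
    "imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, "
    "lip=192.0.2.1, mpid=4242, TLS, session=<s1>",
    "imap-login: Disconnected (auth failed, 3 attempts in 12 secs): "
    "user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS, session=<s2>",
    "master: Warning: something this parser has no rule for",
]

# service ":" event [ "(" reason ")" ] ":" comma-separated key=value list
HEADER = re.compile(
    r"^(?P<service>[a-z0-9-]+): (?P<event>Login|Disconnected|Aborted login)"
    r"(?: \((?P<reason>[^)]*)\))?: (?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict of extracted fields, or a tagged record if unmatched."""
    m = HEADER.match(line)
    if m is None:
        # Catch-all: keep the raw line and tag it, so lines the rules do not
        # cover can be counted and reviewed instead of silently dropped.
        return {"message": line, "tags": ["_dovecot_unparsed"]}
    event = {k: v for k, v in m.groupdict().items()
             if v is not None and k != "rest"}
    flags = []
    for item in m.group("rest").split(", "):
        key, sep, value = item.partition("=")
        if sep:
            event[key] = value.strip("<>")  # dovecot wraps some values in <>
        elif item:
            flags.append(item)  # bare tokens such as TLS carry no "="
    event["flags"] = flags
    return event


def unparsed(lines):
    """Lines that fell through to the catch-all rule."""
    return [line for line in lines if "tags" in parse_line(line)]


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_line(sample))
```

The `reason` field from failed logins (attempt count and duration) together with `rip` is what an authentication-failure alert would typically key on.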

