On 10 Jun 2014, at 20:31, Bruno Galindro da Costa <bruno.galindro@gmail.com> wrote:
Guys,
I need to parse my dovecot log files with logstash grok patterns. Is there any document specifying the patterns used by dovecot to write it's logs?
I need to find all the log possibilities that could be writed to log files by dovecot. So, if a document like that exists or if anyone could answer my question, I'll could make the parser with less difficult.
kv filter in logstash is very useful with dovecot, below is short snippet that will extract key=value pairs specified in “include_keys” from log line.
Additionally you might want to set mail_log_prefix to be something like “service=%s, user=%s, ” to make it easier to parse.
filter { if [syslog_program] == "dovecot" { kv { source => "syslog_message" trim => "," include_keys => [ "box", "from", "in", "lip", "method", "mpid", "msgid", "out", "rip", "session", "size", "user" ] } } }