Hi, I'm working on aggregating event logs and trying to correlate all related events using session IDs. However, I’m struggling with some events as they're missing the session ID.

1. proxy_session_* events lack a session ID field, making it difficult to pair them with auth_request_* events.
2. when using dovecot as sasl for postfix with a unix listener, both auth_request_* and auth_passdb_request_* events are missing the session ID too.

Example of the fields object for auth_request_finished when using smtp. It's missing multiple common fields, but session ID is, imho, the most important one. https://doc.dovecot.org/2.3/admin_manual/list_of_events/#id1

    categories: [ "auth", "service:auth" ]
    "fields": {
      "translated_user": "alex",
      "mechanism": "LOGIN",
      "real_remote_ip": "X.X.X.X",
      "user": "alex",
      "transport": "insecure",
      "local_ip": "X.X.X.X",
      "remote_ip": "X.X.X.X",
      "real_local_ip": "X.X.X.X",
      "policy_result": "ok",
      "service": "smtp",
      "duration": 96764,
      "original_user": "alex"
    },

Would it be possible to add session ID fields to these logs? Alternatively, is there another method to correlate all the session related logs?

Thanks, Matus

Dovecot v. 2.3.21