github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

Fixes #340 - amavis_duration is now a number and not a string anmymore (#341)

Browse source 
Fixes #340 - amavis_duration is now a number and not a string anymore
This commit is contained in:
Thomas VIAL 2016-09-30 13:54:50 +02:00 committed by GitHub
parent e4bab5b996
commit a97c8075ee
3 changed files with 24 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
elk/16-amavis.conf Normal file
View file

@ -0,0 +1,23 @@
filter {
# grok log lines by program name
if [program] == 'amavis' {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "%{AMAVIS}" ]
tag_on_failure => [ "_grok_amavis_nomatch" ]
add_tag => [ "_grok_amavis_success" ]
}
}
# Do some data type conversions
mutate {
convert => [
# list of integer fields
"amavis_size", "integer",
"amavis_duration", "integer",
# list of float fields
"amavis_hits", "float"
]
}
}

5
elk/Dockerfile
View file

@ -6,7 +6,7 @@ RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/ma
RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/master/50-filter-postfix.conf > /etc/logstash/conf.d/15-filter-postfix.conf RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/master/50-filter-postfix.conf > /etc/logstash/conf.d/15-filter-postfix.conf
# custom amavis grok and filter # custom amavis grok and filter
ADD amavis.grok /etc/logstash/patterns.d ADD amavis.grok /etc/logstash/patterns.d
RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-amavis.conf > /etc/logstash/conf.d/16-filter-amavis.conf ADD 16-amavis.conf /etc/logstash/conf.d
# dovecot grok and filter # dovecot grok and filter
RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/dovecot.grok > /etc/logstash/patterns.d/dovecot.grok RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/dovecot.grok > /etc/logstash/patterns.d/dovecot.grok
RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf
@ -21,6 +21,3 @@ RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filte
ADD 02-beats-input.conf /etc/logstash/conf.d/ ADD 02-beats-input.conf /etc/logstash/conf.d/
# override syslog # override syslog
ADD 10-syslog.conf /etc/logstash/conf.d/ ADD 10-syslog.conf /etc/logstash/conf.d/

10
elk/amavis.grok
View file

@ -1,11 +1 @@
MAVIS_MESSAGEID Message-ID: <%{DATA:amavis_message-id}>
AMAVIS_SIZE size: %{POSINT:amavis_size}
AMAVIS_TESTS Tests: \[%{DATA:amavis_tests}\]
AMAVIS_FROM From: %{DATA:amavis_header_from}
AMAVIS_HITS Hits: %{NUMBER:amavis_hits}
AMAVIS_QUARANTINE quarantine: %{NOTSPACE:amavis_quarantine}
AMAVIS_SUBJECT Subject: "%{DATA:amavis_subject}"
AMAVIS_KV ((%{AMAVIS_MESSAGEID}|%{AMAVIS_SIZE}|%{AMAVIS_TESTS}|%{AMAVIS_FROM}|%{AMAVIS_HITS}|%{AMAVIS_QUARANTINE}|%{AMAVIS_SUBJECT}|%{DATA}), )*
AMAVIS \(%{DATA:amavis_id}\) %{DATA:amavis_action} %{DATA:amavis_status} {%{DATA:amavis_relaytype}},( %{GREEDYDATA:amavis_policybank})? \[%{IP:remote_ip}\]:%{POSINT:remote_port} \[%{IP:amavis_ip}\] <%{DATA:from}> -> <%{DATA:to}>(, quarantine: %{DATA:quarantine_id})?, Queue-ID: %{DATA:queue_id}(, Message-ID: <%{DATA:message_id}>)?(, mail_id: %{DATA:mail_id})?, Hits: %{NUMBER:amavis_hits}, size: %{POSINT:amavis_size}(, queued_as: %{DATA:amavis_queue_id})?(, dkim_sd=%{DATA:amavis_dkim})?, %{NUMBER:amavis_duration} ms AMAVIS \(%{DATA:amavis_id}\) %{DATA:amavis_action} %{DATA:amavis_status} {%{DATA:amavis_relaytype}},( %{GREEDYDATA:amavis_policybank})? \[%{IP:remote_ip}\]:%{POSINT:remote_port} \[%{IP:amavis_ip}\] <%{DATA:from}> -> <%{DATA:to}>(, quarantine: %{DATA:quarantine_id})?, Queue-ID: %{DATA:queue_id}(, Message-ID: <%{DATA:message_id}>)?(, mail_id: %{DATA:mail_id})?, Hits: %{NUMBER:amavis_hits}, size: %{POSINT:amavis_size}(, queued_as: %{DATA:amavis_queue_id})?(, dkim_sd=%{DATA:amavis_dkim})?, %{NUMBER:amavis_duration} ms