# Copyright (c) 2014 Flowerfire, Inc. All Rights Reserved. zimbra = { plugin_version = "1.1" # 2014-03-03 - 1.0 - GMF - Initial creation # 2014-03-04 - 1.1 - GMF - Added parsing of *all* second-bracket sections, not just those matching a short list of operations info.1.manufacturer = "Zimbra" info.1.device = "Collaboration Mail Server" info.1.version.1 = "" # The name of the log format log.format.format_label = "Zimbra Collaboration Mail Server" log.miscellaneous.log_data_type = "mail_server" log.miscellaneous.log_format_type = "mail_server" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[0-9][0-9][0-9] [A-Z]+ [[][^]]*[]] [[][^]]*[]] " log.format.parse_only_with_filters = "true" # Log fields log.fields = { date = "" time = "" priority = "" event_type = "" # smtp fields name = "" mid = "" ip = "" cmd = "" deviceid = "" version = "" # lmtp fields sender = "" # soap fields ua = "" events = "" # elapsed = "" size = "" } # log.fields log.parsing_filters.parse = ` #2014-02-18 03:10:49,116 INFO [MailboxPurge] [name=abc@here.com;mid=9;] purge - Purging messages. if (matches_regular_expression(current_log_line(), '^([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9]),[0-9][0-9][0-9] ([A-Z]+) [[]([^]]*)[]] [[]([^]]*)[]] ([^ ]+) - (.*)$')) then ( set_collected_field('', 'date', $1); set_collected_field('', 'time', $2); set_collected_field('', 'priority', $3); v.param1 = $4; v.param2 = $5; v.event_type = $6; set_collected_field('', 'event_type', v.event_type); v.message = $7; # if ((v.event_type eq 'smtp') or # # #2014-02-18 01:00:58,901 INFO [LmtpServer-26] [name=admin@here.com;mid=2;ip=12.34.56.78;] mailop - Adding Message: id=4315, Message-ID=<1465910109.2057.1392660023981.JavaMail.zimbra@here.com>, parentId=-1, folderId=2, folderName=Inbox. # (v.event_type eq 'mailop') or # # #2014-02-18 10:32:07,460 INFO [LmtpServer-26] [ip=12.34.56.78;] lmtp - Delivering message: size=3094 bytes, nrcpts=1, sender=abc@here.com, msgid=<2034579142.219.1392694329829.JavaMail.zimbra@here.com> # (v.event_type eq 'lmtp') or # # #2014-02-18 00:00:20,965 INFO [qtp1185098204-885372:https://127.0.0.1:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;ua=zmprov/8.0.5_GA_5839;] soap - GetAllServersRequest elapsed=2 # (v.event_type eq 'soap') or # # #2014-02-18 00:01:10,200 INFO [qtp1185098204-885270:https://12.34.56.78:443/Microsoft-Server-ActiveSync?User=abc@here.com&DeviceId=ApplDLXK5307F19K&DeviceType=iPad&Cmd=Ping] [name=abc@here.com;mid=21;ip=23.45.67.89;Cmd=Ping;DeviceID=ApplDLXK5307F19K;Version=12.1;] sync - [Ping] (session 526103) no change, continuation resumed after 899 seconds (targeted 900 seconds) # (v.event_type eq 'soap') or # # ) then ( collect_listed_fields('', v.param2, ';', '=', ''); # ); #2014-02-18 10:32:07,460 INFO [LmtpServer-26] [ip=12.34.56.78;] lmtp - Delivering message: size=3094 bytes, nrcpts=1, sender=abc@here.com, msgid=<2034579142.219.1392694329829.JavaMail.zimbra@here.com> if ((v.event_type eq 'lmtp') and (matches_regular_expression(v.message, '^Delivering message: size=([0-9]+) bytes, nrcpts=([0-9]+), sender=([^,]+), '))) then ( set_collected_field('', 'size', $1); set_collected_field('', 'nrcpts', $2); set_collected_field('', 'sender', $3); ); # lmtp accept_collected_entry('', false); ); ` # Database fields database.fields = { date_time = "" day_of_week = "" hour_of_day = "" priority = "" event_type = "" # smtp fields name = "" mid = "" ip = "" cmd = "" deviceid = "" version = "" # lmtp fields sender = "" # soap fields ua = "" } # database.fields # Log Filters log.filters = { mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'events = 1;' } # mark_entry } # log.filters database.numerical_fields = { events = { default = true entries_field = true } # events # elapsed = { # integer_bits = 64 # display_format_type = "duration_compact" # } # elapsed size = { type = "int" integer_bits = 64 display_format_type = "bandwidth" } # size } # database.numerical_fields create_profile_wizard_options = { # How the reports should be grouped in the report menu report_groups = { date_time_group = "" } # report_groups } # create_profile_wizard_options } # zimbra