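beta_postfix = {

  # Sawmill log format definition for Postfix mail logs delivered via syslog.
  #
  # This was created to attempt to fix a number of problems with the old format,
  # without changing the existing format, as that would take too long and may not succeed.
  # A 'ground up' approach has been undertaken.  This has now been updated to v7 Salang parse
  # filter and renamed to the current label as the first choice for this log (the old postfix has been removed).
  #
  # How it works: every syslog message that carries a queue ID (or NOQUEUE) is folded into a
  # "collected entry" keyed by that ID.  client=, from=, to= and reject lines each add fields to
  # the entry, and the from=, to= and reject handlers accept it into the database.
  #
  # Review notes on this revision:
  #  - reject lines now store capture group 2 (hostname) in client_hostname; previously group 3
  #    (the bracketed address) was stored in both client_hostname and client_ip.
  #  - reject lines now take from/to from groups 1 and 2 of the from=/to= expression; previously
  #    groups 5 and 6 were read, which that expression does not define.
  #  - duplicate messages_delivered / bytes_delivered declarations in log.fields were removed.
  #  - from, to and client_hostname originate from the remote SMTP peer (envelope and DNS), so
  #    reports built on them should treat the values as untrusted text.

  # The name of the log format
  log.format.format_label = "Postfix Log Format (BETA)"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "mail_server"

  # The log is in this format if there is a match this regular expression
  log.format.autodetect_regular_expression = "postfix"

  # Search this many lines for the regex for auto-detect (this is set so high because of some variants
  # that produce many lines at the top of the file that do not contain our test "postfix",
  # for performance, this could be reduced without much danger).
  log.format.autodetect_lines = "100"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # This discards uncollected entries after 10000 lines
  log.format.collected_entry_lifespan = "10000"
  log.format.discard_expired_entries = true

  # Log fields
  # NOTE(review): the parsing filter also sets 'delay', 'response_code' and 'response_message',
  # which are not declared here -- confirm whether they are meant to be log fields.
  log.fields = {

    # from/to are split on "@" from right to left (left_to_right = false)
    from = {
      type = "hierarchical"
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = false
    }

    to = {
      type = "hierarchical"
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = false
    }

    size = ""
    user = ""
    rbl_list = ""
    client_hostname = ""
    client_ip.type = "host"
    relay_hostname = ""
    relay_ip = ""
    direction = ""
    status = ""
    sc_status = ""
#    nrcpt = ""
#    counter = ""

    messages_delivered = ""
    messages_processed = ""
    messages_blocked = ""
    messages_expired = ""
    messages_bounced = ""
    bytes_delivered = ""
    bytes_processed = ""
    bytes_blocked = ""
    bytes_expired = ""
    bytes_bounced = ""

  } # log.fields

  # Log Parsing Filters
  log.parsing_filters.parse = `

# Only messages of the form "process[pid]: QUEUEID: text" (or NOQUEUE) are handled.
# NOTE(review): the character range A-f also covers G-Z and the punctuation between Z and a;
# confirm whether A-F or A-Fa-f was intended before tightening it.
if (matches_regular_expression(v.syslog_message, '^[^ ]+\\[*[^]]*\\]* ([0-9A-f]+|NOQUEUE): (.*)$')) then (

  # The queue ID is the collected-entry key; copy the syslog-level fields from the unnamed entry.
  v.key = $1;
  set_collected_field(v.key, 'date', get_collected_field('', 'date'));
  set_collected_field(v.key, 'time', get_collected_field('', 'time'));
  set_collected_field(v.key, 'logging_device', get_collected_field('', 'logging_device'));
  v.message = $2;

  # Handle client=hostname[address] lines; localhost clients are not recorded
  if (matches_regular_expression(v.message, '^client=([^[]*)\\[([^]]*)\\]$')) then (
    if ($1 ne 'localhost') then (
      set_collected_field(v.key, 'client_hostname', $1);
      set_collected_field(v.key, 'client_ip', $2);
    );
  );

  # Handle blocked messages
  # Groups: 1 = reject, 2 = client hostname, 3 = client address, 4 = three-digit code, 5 = remainder
  else if (matches_regular_expression(v.message, '^(reject): RCPT from ([^[]*)\\[([^]]*)\\]: ([0-9][0-9][0-9]) [^;]+;(.*)$')) then (

    set_collected_field(v.key, 'status', $1);

    # Fixed: hostname is group 2; group 3 is the bracketed address stored in client_ip below.
    v.client_hostname = $2;
    set_collected_field(v.key, 'client_hostname', v.client_hostname);
    set_collected_field(v.key, 'client_ip', $3);
    set_collected_field(v.key, 'sc_status', $4);
    v.message = $5;

    # Optional blocklist clause; keep the list name and continue with the text after it
    if (matches_regular_expression(v.message, '^ *Client host \\[[0-9.]+\\] blocked using ([^;]+);[^;]*;* (.*)$')) then (
      set_collected_field(v.key, 'rbl_list', $1);
      v.message = $2;
    );

    # Envelope sender and recipient of the rejected message.
    # Fixed: this expression defines only groups 1 and 2, so those are the ones read here.
    if (matches_regular_expression(v.message, '^ *from=<([^>]*)> to=<([^>]*)> ')) then (
      set_collected_field(v.key, 'from', $1);
      set_collected_field(v.key, 'to', $2);
      set_collected_field(v.key, 'messages_blocked', 1);
      set_collected_field(v.key, 'bytes_blocked', get_collected_field(v.key, 'size'));
      accept_collected_entry(v.key, true);
    );

  );

  # Handle from= lines
  else if (matches_regular_expression(v.message, '^from=([^,]*),(.*)$')) then (

    v.from = $1;
    v.message = $2;

    # Strip the surrounding angle brackets when present
    if (matches_regular_expression(v.from, '^<([^>]*)>$')) then
      v.from = $1;
    set_collected_field(v.key, 'from', v.from);

    # Reset so that a status from an earlier line is not reused below
    v.status = "";
    if (matches_regular_expression(v.message, '^ size=([0-9]*)(.*)$')) then (
      set_collected_field(v.key, 'size', $1);
    )
    else if (matches_regular_expression(v.message, '^ status=([^,]*),')) then (
      v.status = $1;
      set_collected_field(v.key, 'status', $1);
    );

    if (v.status eq 'expired') then (
      set_collected_field(v.key, 'messages_expired', 1);
      set_collected_field(v.key, 'bytes_expired', get_collected_field(v.key, 'size'));
    );

    # Messages are counted as processed on the from= line; to= lines set these to 0
    set_collected_field(v.key, 'messages_processed', 1);
    set_collected_field(v.key, 'bytes_processed', get_collected_field(v.key, 'size'));

    accept_collected_entry(v.key, true);

  ); # from=

  # Handle to= lines
  # NOTE(review): v.status is not reset in this branch, so when the status expression below does
  # not match, the sent/bounce test at the end sees whatever value an earlier line left -- confirm.
  else if (matches_regular_expression(v.message, '^to=([^,]*),(.*)$')) then (

    set_collected_field(v.key, 'date', get_collected_field('', 'date'));
    set_collected_field(v.key, 'time', get_collected_field('', 'time'));
    set_collected_field(v.key, 'logging_device', get_collected_field('', 'logging_device'));

    v.to = $1;
    if (matches_regular_expression(v.to, '^<([^>]*)>$')) then
      v.to = $1;
    set_collected_field(v.key, 'to', v.to);
    v.message = $2;

    # orig_to= is skipped, not stored
    if (matches_regular_expression(v.message, '^ orig_to=([^,]*),(.*)$')) then (
      v.message = $2;
    );

    # relay=hostname[address] is split; any other relay value is stored whole in relay_ip
    if (matches_regular_expression(v.message, '^ relay=([^,]*),(.*)$')) then (
      v.relay_ip = $1;
      v.message = $2;
      if (matches_regular_expression(v.relay_ip, '^([^[]*)\\[([0-9.]*)\\]$')) then (
        set_collected_field(v.key, 'relay_hostname', $1);
        v.relay_ip = $2;
      );
      set_collected_field(v.key, 'relay_ip', v.relay_ip);
    );

    if (matches_regular_expression(v.message, '^ delay=([^,]*),(.*)$')) then (
      set_collected_field(v.key, 'delay', $1);
      v.message = $2;
    );

    # NOTE(review): after this match v.message holds only the numeric response code, so the
    # queued-as test that follows cannot match on lines where this expression matched -- confirm intent.
    if (matches_regular_expression(v.message, '^ status=([^, ]*) \\(([0-9]+) ([^)]*)\\)')) then (
      v.status = $1;
      set_collected_field(v.key, 'status', v.status);
      set_collected_field(v.key, 'response_code', $2);
      set_collected_field(v.key, 'response_message', $3);
      v.message = $2;
    );

    # Pull size and client details from the entry of the queue ID the message was re-queued as.
    # NOTE(review): the client fields are copied only when the other entry reports (empty);
    # the comparison looks inverted -- confirm before changing.
    if (matches_regular_expression(v.message, 'queued as ([0-9A-Z]+)\\)')) then (
      set_collected_field(v.key, 'size', get_collected_field($1, 'size'));
      if (get_collected_field($1, 'client_hostname') eq '(empty)') then
        set_collected_field(v.key, 'client_hostname', get_collected_field($1, 'client_hostname'));
      if (get_collected_field($1, 'client_ip') eq '(empty)') then
        set_collected_field(v.key, 'client_ip', get_collected_field($1, 'client_ip'));
    );

    # Processed counters are zero on to= lines; the from= line carries the processed count
    set_collected_field(v.key, 'messages_processed', 0);
    set_collected_field(v.key, 'bytes_processed', 0);

    if (v.status eq 'sent') then (
      set_collected_field(v.key, 'messages_delivered', 1);
      set_collected_field(v.key, 'bytes_delivered', get_collected_field(v.key, 'size'));
    );
    else if (v.status eq 'bounce') then (
      set_collected_field(v.key, 'messages_bounced', 1);
      set_collected_field(v.key, 'bytes_bounced', get_collected_field(v.key, 'size'));
    );

    accept_collected_entry(v.key, true);

  ); # if to=

);

`

  # Database fields
  database.fields = {
    from = ""
    to = ""
    client_hostname = ""
    client_ip = ""
    relay_hostname = ""
    relay_ip = ""
    status = ""
    sc_status = ""
    rbl_list = ""
  } # database.fields

  database.numerical_fields = {

    messages_delivered = {
      default = true
    }

    messages_processed = {
      default = true
    }

    messages_blocked = ""
    messages_expired = ""
    messages_bounced = ""

    bytes_delivered = {
      type = "float"
      display_format_type = "bandwidth"
      default = true
    }

    bytes_processed = {
      type = "float"
      display_format_type = "bandwidth"
      default = true
    }

    bytes_blocked = {
      type = "float"
      display_format_type = "bandwidth"
    }

    bytes_expired = {
      type = "float"
      display_format_type = "bandwidth"
    }

    bytes_bounced = {
      type = "float"
      display_format_type = "bandwidth"
    }

#    nrcpt = {
##      label = "$lang_stats.field_labels.nrcpt"
#      default = false
#      requires_log_field = false
#      type = "int"
#      display_format_type = "integer"
#      entries_field = true
#    } # nrcpt
#
#    size = {
#      label = "$lang_stats.field_labels.size"
#      default = false
#      requires_log_field = true
#      log_field = "size"
#      type = "float"
#      display_format_type = "bandwidth"
#    } # size

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      from = true
      to = true
      rbl_list = true
      client_hostname = true
      client_ip = true
      relay_hostname = true
      relay_ip = true
      status = true
      sc_status = true
    } # report_groups

  } # create_profile_wizard_options

} # beta_postfix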