Comments (2)
There are no 'nomatch' errors, it's just a helper to find lines that I might have missed. When their content is not interesting, there is no need to grok them.
The first example is indeed not supported, but should be. The warning looks like a c/p error though, the message is repeated twice.
The second example is harder. Does the line contain any useful data to you? I.e. anything that you feel should be grokked out of it? If so, could you give an example of the data you would like to extract?
Furthermore: when I do a header replace on my system, this is applied by the cleanup daemon, not by the smtp daemon as in your example. Could you give me an unaltered example line?
from postfix-grok-patterns.
No, I don't need the data, thought it would be interesting for completeness. The repeating message was no c/p error; I added a field via grok to the message field, which did already exist. My mistake. So the line would be:
Nov 23 20:15:38 elk postfix/smtp[XXXX]: QID: replace: header From: "(Cron Daemon)" <XXX>: From: XXX
But I verified that the message is indeed from the smtp program. If you're interested, the corresponding lines in /etc/postfix/main.cf are:
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check
Postfix version is 2.10.1 and my OS is CentOS 7.4.