Comments (6)
A full line looks like:
Mar 10 12:08:39 hostname postfix-in/submission/smtpd[8871]: warning: ec2-3-84-57-208.compute-1.amazonaws.com[3.84.57.208]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
We currently already try to extract a queue id and various key-value data from a warning message. I guess it would be possible to extract the client info too, similar to all the other lines that contain client details.
from postfix-grok-patterns.
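As an added example (not the project's own grok patterns), the regex below carries the same field layout a grok pattern for this warning would need, parses the quoted line plus a few constructed neighbours, and counts failures per client IP; the field names (client_hostname, client_ip, sasl_method, sasl_info) are assumptions.

```python
import re
from base64 import b64decode
from collections import Counter

# Mirrors the fields a grok pattern for this warning needs: syslog prefix,
# program[pid], "warning:", client hostname[ip], SASL method and trailing text.
SASL_FAIL_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<syslog_host>\S+) "
    r"(?P<program>[\w-]+(?:/[\w-]+)*)\[(?P<pid>\d+)\]: "
    r"warning: (?P<client_hostname>[\w.-]+)\[(?P<client_ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<sasl_method>\S+) authentication failed(?:: (?P<sasl_info>.*))?$"
)


def parse_sasl_failure(line):
    """Return a dict of fields for a 'SASL ... authentication failed' warning, else None."""
    m = SASL_FAIL_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])
    info = fields.get("sasl_info")
    if info:
        # Postfix appends the SASL library's last challenge or error text; for LOGIN it
        # is often base64 (UGFzc3dvcmQ6 decodes to "Password:"). Decode it when valid.
        try:
            fields["sasl_info_decoded"] = b64decode(info, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            fields["sasl_info_decoded"] = None
    return fields


def failures_per_client(lines):
    """Count parsed SASL failures by client IP (the separate field the commenter wants)."""
    return Counter(f["client_ip"] for f in map(parse_sasl_failure, lines) if f)


# Constructed sample lines; the first is the one quoted in the issue.
SAMPLE_LINES = [
    "Mar 10 12:08:39 hostname postfix-in/submission/smtpd[8871]: warning: "
    "ec2-3-84-57-208.compute-1.amazonaws.com[3.84.57.208]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Mar 10 12:08:41 hostname postfix-in/submission/smtpd[8871]: warning: "
    "ec2-3-84-57-208.compute-1.amazonaws.com[3.84.57.208]: SASL PLAIN authentication failed: authentication failure",
    "Mar 10 12:09:02 hostname postfix-in/submission/smtpd[8874]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Mar 10 12:09:05 hostname postfix-in/submission/smtpd[8874]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_sasl_failure(sample))
    print(failures_per_client(SAMPLE_LINES))
```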
Can you update the master file in GitHub with your patterns? If not, maybe it is a good idea, or maybe you can just share it? Basically it is nice to see the potential attacker IP in a separate field.
from postfix-grok-patterns.
There are no updated files yet. What I described is already in master. Extracting the client details is something that can be added. I'll give it a try when I have some time later this week
from postfix-grok-patterns.
OK. Thanks.
If you need some tests beforehand, I can help. Let me know...
from postfix-grok-patterns.
I think I already solved it using #138. Please try it.
from postfix-grok-patterns.
I will check it tomorrow and for sure i will let You know.
from postfix-grok-patterns.