Jarkko, many, many and many thanks! This will save a LOT of work...
2014-06-11 4:52 GMT-03:00 Jarkko Mourujärvi <jarkko.mouruja...@dovecot.fi>:

> On 10 Jun 2014, at 20:31, Bruno Galindro da Costa <bruno.galin...@gmail.com> wrote:
>
> > Guys,
> >
> > I need to parse my dovecot log files with logstash grok patterns. Is
> > there any document specifying the patterns used by dovecot to write its
> > logs?
> >
> > I need to find all the log possibilities that could be written to log
> > files by dovecot. So, if a document like that exists or if anyone could
> > answer my question, I could make the parser with less difficulty.
>
> kv filter in logstash is very useful with dovecot, below is a short snippet
> that will extract key=value pairs specified in “include_keys” from the log line.
>
> Additionally you might want to set mail_log_prefix to be something like
> “service=%s, user=%s, ” to make it easier to parse.
>
> filter {
>   if [syslog_program] == "dovecot" {
>     kv {
>       source => "syslog_message"
>       trim => ","
>       include_keys => [ "box", "from", "in", "lip", "method", "mpid",
>                         "msgid", "out", "rip", "session", "size", "user" ]
>     }
>   }
> }

--
Att.
Bruno Galindro da Costa
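What the kv filter in the quoted snippet pulls out of a log line, sketched in Python as an added example (not part of the original thread and not Logstash's own code). `kv_extract` is a hypothetical helper that approximates the filter's whitespace and `=` splitting, `trim` and `include_keys`; the sample log lines are constructed.

```python
# Added example: approximates the Logstash kv filter with the options from the
# quoted snippet (split fields on whitespace, split key/value on "=", trim ",").
INCLUDE_KEYS = {"box", "from", "in", "lip", "method", "mpid",
                "msgid", "out", "rip", "session", "size", "user"}


def kv_extract(message, include_keys=INCLUDE_KEYS, trim=","):
    """Return the key=value pairs of `message` whose key is in include_keys."""
    fields = {}
    for token in message.split():
        key, sep, value = token.partition("=")
        if not sep or key not in include_keys:
            continue  # bare words ("TLS,") and unlisted keys ("uid") are dropped
        fields[key] = value.strip(trim)
    return fields


# Constructed sample lines in the shape of Dovecot login and mail_log messages.
SAMPLES = [
    "imap-login: Login: user=<alice@example.org>, method=PLAIN, "
    "rip=198.51.100.7, lip=192.0.2.25, mpid=4312, TLS, session=<Zm9vYmFy>",
    "imap(alice@example.org): Disconnected: Logged out in=412 out=2931",
    "imap(alice@example.org): copy from INBOX: box=Sent Items, uid=81, "
    "msgid=<1@example.org>, size=2048",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(kv_extract(line))
```

Two things to check in a real pipeline: values keep their angle brackets (`user=<alice@example.org>`), and an unquoted value containing a space, such as a mailbox named `Sent Items`, is cut at the first space.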