Hi, I'm working on aggregating event logs and trying to correlate all related events using session IDs. However, I’m struggling with some events as they're missing the session ID. 1. proxy_session_* events lack a session ID field, making it difficult to pair them with auth_request_* events. 2. when using dovecot as sasl for postfix with a unix listener, both auth_request_* and auth_passdb_request_* events are missing the session ID too.
Example of the fields object for auth_request_finished when using smtp. It's missing multiple common fields, but session ID is, imho, the most important one. https://doc.dovecot.org/2.3/admin_manual/list_of_events/#id1 ``` categories: [ "auth", "service:auth" ] "fields": { "translated_user": "alex", "mechanism": "LOGIN", "real_remote_ip": "X.X.X.X", "user": "alex", "transport": "insecure", "local_ip": "X.X.X.X", "remote_ip": "X.X.X.X", "real_local_ip": "X.X.X.X", "policy_result": "ok", "service": "smtp", "duration": 96764, "original_user": "alex" }, ``` Would it be possible to add session ID fields to these logs? Alternatively, is there another method to correlate all the session related logs? Thanks, Matus Dovecot v. 2.3.21 _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
