On 10 Jun 2014, at 20:31, Bruno Galindro da Costa <bruno.galindro at
gmail.com> wrote:
> Guys,
>
> I need to parse my dovecot log files with logstash grok patterns. Is
> there any document specifying the patterns used by dovecot to write its
> logs?
>
> I need to find all the log possibilities that could be written to log
> files by dovecot. So, if a document like that exists or if anyone could
> answer my question, I could make the parser with less difficulty.

The kv filter in logstash is very useful with dovecot; below is a short snippet that
will extract the key=value pairs specified in "include_keys" from a log line.
Additionally you might want to set mail_log_prefix to be something like
"service=%s, user=%s, " to make it easier to parse.

filter {
  if [syslog_program] == "dovecot" {
    kv {
      source => "syslog_message"
      trim => ","
      include_keys => [ "box", "from", "in",
                        "lip", "method", "mpid", "msgid",
                        "out", "rip", "session", "size",
                        "user" ]
    }
  }
}
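
Added example, not part of the original message and not Logstash's own code: the Python below approximates the extraction the kv configuration above performs (whitelisted keys, commas trimmed from values) and uses the resulting rip field to count failed logins per remote address. The log lines are constructed samples; stripping the angle brackets and the failed_auth_by_rip helper are assumptions added here.

```python
import re
from collections import Counter

# Keys copied from the include_keys list in the message above.
INCLUDE_KEYS = {"box", "from", "in", "lip", "method", "mpid", "msgid",
                "out", "rip", "session", "size", "user"}

# A key, "=", then everything up to the next whitespace.
PAIR_RE = re.compile(r"(?:^|\s)([A-Za-z_][\w.-]*)=(\S*)")

# Constructed sample lines in the shape Dovecot logs logins and logouts.
SAMPLE = [
    "imap-login: Login: user=<alice@example.org>, method=PLAIN, "
    "rip=203.0.113.7, lip=192.0.2.25, mpid=4312, TLS, session=<Xq1cZ2b9AAB>",
    "imap(alice@example.org): Disconnected: Logged out in=412 out=9731",
    "pop3-login: Aborted login (auth failed, 3 attempts in 12 secs): "
    "user=<bob>, method=PLAIN, rip=198.51.100.44, lip=192.0.2.25, "
    "session=<p0Fq9mb9xADG>",
]


def parse_kv(message, include_keys=INCLUDE_KEYS, trim=","):
    """Whitelist key=value pairs and strip `trim` characters from values."""
    fields = {}
    for key, value in PAIR_RE.findall(message):
        if key not in include_keys:
            continue
        value = value.strip(trim)
        # Assumption, not from the message: drop the <...> around some values.
        if value.startswith("<") and value.endswith(">"):
            value = value[1:-1]
        fields[key] = value
    return fields


def failed_auth_by_rip(lines):
    """Count 'auth failed' lines per remote IP (rip)."""
    hits = Counter()
    for line in lines:
        fields = parse_kv(line)
        if "auth failed" in line and "rip" in fields:
            hits[fields["rip"]] += 1
    return hits


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_kv(line))
    print(failed_auth_by_rip(SAMPLE))
```

Values that contain spaces (a mailbox name or a From header, for instance) are cut at the first space by this whitespace-based split, so check such fields against real log lines before relying on them.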