Mercurial > logstash

comparison sendmail.pattern @ 1:59fe08a2fcbe

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
switch to flatjar.jar; fix sendmail patterns
author Carl Byington <carl@five-ten-sg.com>
date Fri, 01 Mar 2013 18:40:11 -0800
parents df4952a2fb06
children
comparison
equal deleted inserted replaced
0:df4952a2fb06 1:59fe08a2fcbe
1 # https://raw.github.com/augieschwer/grok-patterns/master/sendmail.grok 1 # https://raw.github.com/augieschwer/grok-patterns/master/sendmail.grok
2 # 2 #
3 3
4 LOGIN [.a-zA-Z0-9_-]+
4 EMAIL %{LOGIN}@%{IPORHOST} 5 EMAIL %{LOGIN}@%{IPORHOST}
5 DSN [0-9][.][0-9][.][0-9] 6 DSN [0-9][.][0-9][.][0-9]
7 QID [A-za-z0-9]{14}
6 8
7 # Match a relay that gives us a QID in the return status. 9 # Match a relay that gives us a QID in the return status.
8 SENDMAIL_TO_1 %{SYSLOGBASE} %{QID:qid}: to=<%{EMAIL:to}>, (%{WORD}=%{DATA},)+ relay=%{IPORHOST:relay} \[%{IP}\], dsn=%{DSN:dsn}, stat=%{DATA:status} \(%{QID:qid} %{GREEDYDATA:status_message}\) 10 SENDMAIL_TO_1 %{SYSLOGBASE} %{QID:qid}: to=<%{EMAIL:to}>, (%{WORD}=%{DATA},)+ relay=%{IPORHOST:relay} \[%{IP}\], dsn=%{DSN:dsn}, stat=%{DATA:status} \(%{QID:qid} %{GREEDYDATA:status_message}\)
9 11
10 # Match a relay that does NOT give us a QID in the return status. 12 # Match a relay that does NOT give us a QID in the return status.