changeset 5:6b7beb807d14
add dnsbl patterns
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 22 Mar 2013 10:31:48 -0700 |
parents | 29ffaf4e0a7f |
children | ccedd213595c |
files | dnsbl.pattern logstash.conf logstash.rc logstash.spec |
diffstat | 4 files changed, 26 insertions(+), 18 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dnsbl.pattern Fri Mar 22 10:31:48 2013 -0700
@@ -0,0 +1,6 @@
+DNSBL1 %{SYSLOGBASE} %{QID:qid}: from <%{EMAIL:from}> to <%{EMAIL:to}> using context %{DATA:context} state %{DATA:state} reply context %{DATA:replycontext} state %{DATA:replystate}
+DNSBL2 %{SYSLOGBASE} %{QID:qid}: spamc returned %{GREEDYDATA:spamassassin}
+DNSBL3 %{SYSLOGBASE} %{QID:qid}: dcc returned %{GREEDYDATA:dcc}
+DNSBL4 %{SYSLOGBASE} %{QID:qid}: Milter: to=<%{EMAIL:to}>, reject=%{DATA:smtpreason} mail from %{IP:ip} rejected - %{GREEDYDATA:dnsblreason}
+
+DNSBL (%{DNSBL1}|%{DNSBL2}|%{DNSBL3}|%{DNSBL4})
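Review bot: DNSBL1 ends in `state %{DATA:replystate}` with nothing after it and no `$` anchor, so if DATA is the stock lazy `.*?` the last capture matches the empty string and `replystate` is never populated. Ending the pattern with `state %{GREEDYDATA:replystate}`, as DNSBL2 to DNSBL4 already do for their final field, would capture the value. Separately, if EMAIL (defined outside this file) requires a non-empty address, lines logged for the null sender `from <>` will not match DNSBL1 and those events would go unparsed. A one-line comment above each pattern naming the dnsbl log message it is meant to match would make such gaps easier to spot.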
--- a/logstash.conf Thu Mar 07 21:24:02 2013 -0800 +++ b/logstash.conf Fri Mar 22 10:31:48 2013 -0700 @@ -29,17 +29,17 @@ filter { grok { type => "sendmail" - pattern => "%{SENDMAIL}" + pattern => [ "%{DNSBL}", "%{SENDMAIL}" ] patterns_dir => "/var/lib/logstash/data/patterns" } grep { type => "sendmail" - match => [ "program", "sendmail" ] + match => [ "program", "sendmail|dnsbl" ] } grep { type => "sendmail" negate => true - match => [ "message", "^(M|m)ilter" ] + match => [ "program", "sendmail", "message", "^(M|m)ilter" ] } grok {
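Review bot: The `program` regexes in both grep filters are unanchored, so `"sendmail|dnsbl"` accepts any syslog tag that merely contains either word, and that tag is chosen by whichever process writes the line. If the field holds only the bare tag, `match => [ "program", "^(sendmail|dnsbl)$" ]` keeps the filter to the two intended sources. The negated grep now appears to depend on both field/regex pairs having to match before an event is dropped, which is not obvious from the syntax. A comment such as `# drop only sendmail's own milter lines; dnsbl "Milter:" lines are kept for DNSBL4` would record that intent. The `filter` block starts and ends outside this hunk.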
--- a/logstash.rc Thu Mar 07 21:24:02 2013 -0800 +++ b/logstash.rc Fri Mar 22 10:31:48 2013 -0700 @@ -49,7 +49,7 @@ cd $HOME pid=$( exec sudo -u logstash /bin/bash - <<EOF - $JAVA $ARGS </dev/null >$LOGFILE 2>&1 & + $JAVA $ARGS echo \$! EOF )
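Review bot: The new line `$JAVA $ARGS` no longer carries the redirections or the trailing `&`, yet the next line still does `echo \$!`. Unless ARGS, set outside this hunk, now ends with the log redirection and `&`, java runs in the foreground inside the here-document and `pid` comes back empty. If ARGS does carry them, a comment above the `pid=$(` line would make that dependency visible, for example `# ARGS must end with the output redirection and '&' so that $! below is the java pid`. The enclosing start function begins outside the hunk.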
--- a/logstash.spec Thu Mar 07 21:24:02 2013 -0800 +++ b/logstash.spec Fri Mar 22 10:31:48 2013 -0700 @@ -12,14 +12,15 @@ URL: http://logstash.net/ BuildArch: noarch Source0: https://logstash.objects.dreamhost.com/release/%{name}-%{version}-monolithic.jar +Source1: https://logstash.jira.com/secure/attachment/12610/logstash_index_cleaner.py #ource0: http://logstash.objects.dreamhost.com/release/%{name}-%{version}-flatjar.jar -Source1: %{name}.rc -Source2: %{name}.conf -Source3: apache.pattern -Source4: sendmail.pattern -Source5: https://logstash.jira.com/secure/attachment/12610/logstash_index_cleaner.py -Source6: %{name}.cron -Requires: httpd java-1.7.0-openjdk python-pip python-argparse python-ordereddict +Source10: %{name}.rc +Source11: %{name}.cron +Source12: %{name}.conf +Source20: apache.pattern +Source21: sendmail.pattern +Source22: dnsbl.pattern +Requires: logrotate httpd java-1.7.0-openjdk python-pip python-argparse python-ordereddict Requires(pre): /usr/sbin/useradd Requires(pre): /usr/bin/getent Requires(postun): /usr/sbin/userdel 
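Review bot: `Requires: logrotate` is added, but none of the Source entries listed here is a logrotate configuration, and the %install hunk that follows puts nothing under /etc/logrotate.d. Unless that file is created in a part of the spec outside these hunks, the package pulls in logrotate without giving it anything to rotate. It would need a source entry such as `Source13: <logrotate-config-file>` plus a matching `install -D -m 644` line. Separately, Source1 is a remote attachment that is installed executable into %{_bindir}; a comment beside the URL recording the expected checksum of that file would let a rebuild notice a changed download.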
@@ -47,12 +48,13 @@ rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/var/log/%{name} install -D -m 750 %SOURCE0 $RPM_BUILD_ROOT/%{_bindir}/%{name}.jar -install -D -m 750 %SOURCE5 $RPM_BUILD_ROOT/%{_bindir}/logstash_index_cleaner.py -install -D -m 755 %SOURCE1 $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} -install -D -m 755 %SOURCE6 $RPM_BUILD_ROOT/etc/cron.daily/%{name} -install -D -m 640 %SOURCE2 $RPM_BUILD_ROOT/etc/%{name}/%{name}.conf -install -D -m 640 %SOURCE3 $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/apache -install -D -m 640 %SOURCE4 $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/sendmail +install -D -m 750 %SOURCE1 $RPM_BUILD_ROOT/%{_bindir}/logstash_index_cleaner.py +install -D -m 755 %SOURCE10 $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} +install -D -m 755 %SOURCE11 $RPM_BUILD_ROOT/etc/cron.daily/%{name} +install -D -m 640 %SOURCE12 $RPM_BUILD_ROOT/etc/%{name}/%{name}.conf +install -D -m 640 %SOURCE20 $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/apache +install -D -m 640 %SOURCE21 $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/sendmail +install -D -m 640 %SOURCE22 $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/dnsbl %pre @@ -99,6 +101,6 @@ %changelog -* Fri Feb 29 2013 <carl@five-ten-sg.com> - 1.1.9-0 +* Fri Mar 22 2013 <carl@five-ten-sg.com> - 1.1.9-0 - Initial build.
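Review bot: The new `install -D -m 640 %SOURCE22 ... /var/lib/%{name}/data/patterns/dnsbl` line has no matching change in %files, since none of the three hunks in this spec touches that section. The build therefore succeeds only if %files already lists the patterns directory rather than the individual pattern files; otherwise rpmbuild would stop on an installed-but-unpackaged file. The 640 mode also means the pattern is readable by the `logstash` user that logstash.rc runs as only if %files assigns a suitable owner or group. A short comment above the pattern install lines stating which %files entry and ownership cover them would make this checkable from the spec alone.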