changeset 5:6b7beb807d14

add dnsbl patterns
author Carl Byington <carl@five-ten-sg.com>
date Fri, 22 Mar 2013 10:31:48 -0700
parents 29ffaf4e0a7f
children ccedd213595c
files dnsbl.pattern logstash.conf logstash.rc logstash.spec
diffstat 4 files changed, 26 insertions(+), 18 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dnsbl.pattern	Fri Mar 22 10:31:48 2013 -0700
@@ -0,0 +1,6 @@
+DNSBL1 %{SYSLOGBASE} %{QID:qid}: from <%{EMAIL:from}> to <%{EMAIL:to}> using context %{DATA:context} state %{DATA:state} reply context %{DATA:replycontext} state %{DATA:replystate}
+DNSBL2 %{SYSLOGBASE} %{QID:qid}: spamc returned %{GREEDYDATA:spamassassin}
+DNSBL3 %{SYSLOGBASE} %{QID:qid}: dcc returned %{GREEDYDATA:dcc}
+DNSBL4 %{SYSLOGBASE} %{QID:qid}: Milter: to=<%{EMAIL:to}>, reject=%{DATA:smtpreason} mail from %{IP:ip} rejected - %{GREEDYDATA:dnsblreason}
+
+DNSBL (%{DNSBL1}|%{DNSBL2}|%{DNSBL3}|%{DNSBL4})
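Review bot: The trailing `%{DATA:replystate}` in DNSBL1 will capture an empty string, because DATA is the lazy `.*?` and nothing follows it to force it to consume text. Ending that pattern with `%{GREEDYDATA:replystate}`, as DNSBL2–DNSBL4 already do for their last field, avoids this. Separately, `<%{EMAIL:from}>` presumably does not match a null envelope sender (`<>`), so bounce traffic would fall through to `%{SENDMAIL}` or a parse failure; worth confirming against real log lines. A comment above each pattern with a sample line it is meant to match would make that easy to check.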
--- a/logstash.conf	Thu Mar 07 21:24:02 2013 -0800
+++ b/logstash.conf	Fri Mar 22 10:31:48 2013 -0700
@@ -29,17 +29,17 @@
 filter {
     grok {
         type => "sendmail"
-        pattern => "%{SENDMAIL}"
+        pattern => [ "%{DNSBL}", "%{SENDMAIL}" ]
         patterns_dir => "/var/lib/logstash/data/patterns"
     }
     grep {
         type => "sendmail"
-        match => [ "program", "sendmail" ]
+        match => [ "program", "sendmail|dnsbl" ]
     }
     grep {
         type => "sendmail"
         negate => true
-        match => [ "message", "^(M|m)ilter" ]
+        match => [ "program", "sendmail", "message", "^(M|m)ilter" ]
     }
 
     grok {
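Review bot: The negated grep now lists two fields, and how `negate => true` combines them should be verified before relying on it. As I read the grep filter of this era, each field is negated on its own and all must pass, so an event whose `program` matches `sendmail` would be dropped whatever its message says. If the intent is "drop only sendmail lines that start with Milter, keep dnsbl's `Milter:` rejections", a comment stating that plus a test with one line of each kind would settle it. The `program` regexes are also unanchored; `"^(sendmail|dnsbl)$"` would stop other program names that merely contain those substrings from being kept. The filter block continues outside the hunk.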
--- a/logstash.rc	Thu Mar 07 21:24:02 2013 -0800
+++ b/logstash.rc	Fri Mar 22 10:31:48 2013 -0700
@@ -49,7 +49,7 @@
     cd $HOME
     pid=$(
     exec sudo -u logstash /bin/bash - <<EOF
-        $JAVA $ARGS </dev/null >$LOGFILE 2>&1 &
+        $JAVA $ARGS
         echo \$!
 EOF
     )
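Review bot: With the trailing `&` removed, `$JAVA $ARGS` runs in the foreground of the here-document shell, so `echo \$!` has no background job to report and `pid=$( … )` does not return until java exits, unless `$ARGS` (defined outside this hunk) now carries the redirections and `&` itself. That could work, because the unquoted `EOF` delimiter means `$JAVA` and `$ARGS` are expanded by the calling script and re-parsed as shell text by the `logstash` user's bash. It is fragile, though, and any metacharacter in those variables is interpreted. Either keep `</dev/null >$LOGFILE 2>&1 &` on this line or add a comment such as `# ARGS ends with the redirections and '&'; see its definition above`. The enclosing function starts and ends outside the hunk.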
--- a/logstash.spec	Thu Mar 07 21:24:02 2013 -0800
+++ b/logstash.spec	Fri Mar 22 10:31:48 2013 -0700
@@ -12,14 +12,15 @@
 URL:            http://logstash.net/
 BuildArch:      noarch
 Source0:        https://logstash.objects.dreamhost.com/release/%{name}-%{version}-monolithic.jar
+Source1:        https://logstash.jira.com/secure/attachment/12610/logstash_index_cleaner.py
 #ource0:        http://logstash.objects.dreamhost.com/release/%{name}-%{version}-flatjar.jar
-Source1:        %{name}.rc
-Source2:        %{name}.conf
-Source3:        apache.pattern
-Source4:        sendmail.pattern
-Source5:        https://logstash.jira.com/secure/attachment/12610/logstash_index_cleaner.py
-Source6:        %{name}.cron
-Requires:       httpd java-1.7.0-openjdk python-pip python-argparse python-ordereddict
+Source10:       %{name}.rc
+Source11:       %{name}.cron
+Source12:       %{name}.conf
+Source20:       apache.pattern
+Source21:       sendmail.pattern
+Source22:       dnsbl.pattern
+Requires:       logrotate httpd java-1.7.0-openjdk python-pip python-argparse python-ordereddict
 Requires(pre):          /usr/sbin/useradd
 Requires(pre):          /usr/bin/getent
 Requires(postun):       /usr/sbin/userdel
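Review bot: `Source1` points at a JIRA attachment URL and is installed executable (`install -D -m 750 %SOURCE1` in the next hunk), but nothing in the spec pins its content, so whatever that URL serves at fetch time ends up in the package. Committing `logstash_index_cleaner.py` next to the other local sources would remove the dependency on the remote host. Alternatively, verify it in `%prep` with something like `echo "<expected-sha256>  %{SOURCE1}" | sha256sum -c -`. The same applies to the `Source0` jar. A comment on the new numbering (`0-9` remote, `10-19` service files, `20+` patterns) would also help the next editor.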
@@ -47,12 +48,13 @@
 rm -rf $RPM_BUILD_ROOT
 mkdir  -p $RPM_BUILD_ROOT/var/log/%{name}
 install -D -m 750 %SOURCE0   $RPM_BUILD_ROOT/%{_bindir}/%{name}.jar
-install -D -m 750 %SOURCE5   $RPM_BUILD_ROOT/%{_bindir}/logstash_index_cleaner.py
-install -D -m 755 %SOURCE1   $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
-install -D -m 755 %SOURCE6   $RPM_BUILD_ROOT/etc/cron.daily/%{name}
-install -D -m 640 %SOURCE2   $RPM_BUILD_ROOT/etc/%{name}/%{name}.conf
-install -D -m 640 %SOURCE3   $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/apache
-install -D -m 640 %SOURCE4   $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/sendmail
+install -D -m 750 %SOURCE1   $RPM_BUILD_ROOT/%{_bindir}/logstash_index_cleaner.py
+install -D -m 755 %SOURCE10  $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+install -D -m 755 %SOURCE11  $RPM_BUILD_ROOT/etc/cron.daily/%{name}
+install -D -m 640 %SOURCE12  $RPM_BUILD_ROOT/etc/%{name}/%{name}.conf
+install -D -m 640 %SOURCE20  $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/apache
+install -D -m 640 %SOURCE21  $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/sendmail
+install -D -m 640 %SOURCE22  $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/dnsbl
 
 
 %pre
@@ -99,6 +101,6 @@
 
 
 %changelog
-* Fri Feb 29 2013  <carl@five-ten-sg.com> - 1.1.9-0
+* Fri Mar 22 2013  <carl@five-ten-sg.com> - 1.1.9-0
 - Initial build.