On Tue, 2016-08-16 at 16:16 +0000, Robert Bannocks wrote:
> Hi,
>
> Are there any tools available to process Exim log data? I am looking
> to take the log files and produce a data set with one row per message
> with columns including the following information: message size, id,
> incoming host, incoming ip address, to and from address as they arrive
> at Exim (prior to expansion), protocol, port, there could be other
> information that is useful. I would rather not re-invent the wheel
> and write a perl or python script. Can anyone assist?
>
> Best
>
> Rob
Rob

Given your requirements as stated, ELK etc. will be overkill.

I assume that you basically need the contents of the "<=" log lines. The format of these is pretty well documented and they are essentially a series of key-value pairs, although the H= for example is a right pain to parse due to the numerous formats that appear depending on DNS look-ups.

I would then send the logs through something like rsyslog and use that to parse and output the fields you need to a separate file or even a database. You can obviously send the "raw" logs to the usual place as well.

Note that you may have multiple recipients and that some information that you might want in the future will only be available within some custom ACL. These things rapidly spiral out of control! Before you know where you are you'll need a correlator, but if you stick to your original request you'll be fine.

You could add a logwrite at strategic point(s) in your config which outputs all the fields you want via expansion variables, with a special code at the start which rsyslog selects for and dumps elsewhere.

Cheers

Jon

Blueloop Ltd
01460 271055
https://www.blueloop.net
Blueloop House, Ilchester Road, YEOVIL, BA21 3AA
Registered England & Wales - 3981322
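A parser for the "<=" lines Jon describes, as an added example (not code from the thread or from Exim itself): it cuts the H= field out first, whichever of its shapes appears, then reads the remaining key=value pairs and the trailing recipient list, and emits one CSV row per arriving message. The sample log lines are constructed; the remote port and the "for ..." recipient list only appear when the +incoming_port and +received_recipients log selectors are enabled.

```python
import csv
import io
import re

# Constructed sample main-log lines (not from the thread): a TLS arrival (needs the
# +incoming_port/+received_recipients selectors), a bounce, a delivery, a local one.
SAMPLE_LOG = """\
2016-08-16 16:16:01 1bZabc-0001Xy-AB <= rob@example.org H=mail.example.org (helo.example.org) [192.0.2.10]:51234 P=esmtps X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=2345 id=abc123@example.org T="Re: tools for Exim logs" for users@example.net
2016-08-16 16:16:02 1bZabd-0001Xz-CD <= <> H=(bogus.host) [203.0.113.7] P=esmtp S=512 for a@example.net b@example.net
2016-08-16 16:16:03 1bZabe-0001Y0-EF => dave <dave@example.net> R=localuser T=local_delivery
2016-08-16 16:16:04 1bZabf-0001Y1-GH <= root@localhost U=root P=local S=77
"""
COLUMNS = ["exim_id", "message_id", "size", "sender", "recipients",
           "host", "helo", "ip", "port", "protocol"]
ARRIVAL_RE = re.compile(r"^\S+ \S+ (?P<exim_id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
# H= takes several shapes: "host (helo) [ip]", "(helo) [ip]", "host [ip]" or
# "[ip]", each optionally followed by ":port"; a hostname never starts with ( or [.
HOST_RE = re.compile(r"(?<!\S)H=(?:(?P<host>[^\s(\[]\S*) )?(?:\((?P<helo>[^)]*)\) )?"
                     r"\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?")
# Everything else is key=value; quoted values such as T="..." may contain spaces.
KV_RE = re.compile(r'(?P<key>\w+)=(?P<val>"(?:[^"\\]|\\.)*"|\S+)')


def parse_arrival(line):
    # One row dict for a "<=" line; None for deliveries and everything else.
    m = ARRIVAL_RE.match(line)
    if not m:
        return None
    rest = m["rest"]
    row = dict.fromkeys(COLUMNS)
    row["exim_id"], row["sender"] = m["exim_id"], m["sender"]
    hm = HOST_RE.search(rest)
    if hm:  # cut H= out first so its embedded spaces cannot break the key=value pass
        row.update(host=hm["host"], helo=hm["helo"], ip=hm["ip"], port=hm["port"])
        rest = rest[:hm.start()] + rest[hm.end():]
    kv, end = {}, 0
    for km in KV_RE.finditer(rest):
        kv[km["key"]], end = km["val"].strip('"'), km.end()
    tail = rest[end:].split()  # "for r1 r2 ..." follows the last key=value pair
    row["recipients"] = ";".join(tail[1:]) if tail[:1] == ["for"] else ""
    row["size"] = int(kv["S"]) if "S" in kv else None
    row["message_id"], row["protocol"] = kv.get("id"), kv.get("P")
    return row


def log_to_csv(text):
    # One CSV row per arriving message, in COLUMNS order.
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(r for r in map(parse_arrival, text.splitlines()) if r)
    return buf.getvalue()
```

Run `log_to_csv(SAMPLE_LOG)` to get the three arrival rows; the `=>` delivery line is dropped, and the local submission yields empty host/ip columns rather than an error.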
