I want to filter out log data from postfix using mmnormalize. I have two template lines:
$template postfrom, "postfix, mail id: '%mailid%', from: '%address%', recipients: '%recipients%'\n" $template postto, "postfix, mail id: '%mailid%', to: '%address%', status: '%status%'\n" When rsyslog tries to parse it on startup I get an error: PROP_INVALID for name 'mailid' I have specified a rulebase file (above the template) : $mmnormalizeRuleBase /rsyslog/rulebase.rb The rules I use: prefix=%date:date-rfc3164% %hostname:word% rule=from: postfix/qmgr[%notused:number%]: %mailid:word% from=<%address:char-to:>%>, size=%notused2:word% nrcpt=%recipients:number% %notused3:char-to:)%) rule=to: postfix/local[%notused:number%]: %mailid:word% to=<%address:char-to:>%>, orig_to=%notused2:word% relay=%notused3:word% delay=%notused4:word% delays=%notused5:word% dsn=%notused6:word% status=%status:word% %2notused3:char-to:)%) When I use 'lognormalizer' on a mail.log file using those filters: [cee@115 event.tags="to" 2notused3="(delivered to mailbox" status="sent" notused6="2.0.0\," notused5="0.09/0/0/0.03\," notused4="0.12\," notused3="local\," notused2="<root>\," address="[email protected]" mailid="1F11110019E:" notused="10593" hostname="bp-mta06" date="May 13 11:09:01"] [cee@115 event.tags="from" notused3="(queue active" recipients="1" notused2="1734\," address="[email protected]" mailid="1F11110019E:" notused="10463" hostname="bp-mta06" date="May 13 11:09:01"] So the filters should work. Anyone who can help? Thanks. -- Yours sincerely, Rune Elvemo BITPRO BITPRO AS Sjølystveien 27 4610 Kristiansand, Norway Phone: +47 47 91 71 00 Fax: +47 47 91 71 01 E-mail: [email protected] Web: www.bitpro.no _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
