On Tue, May 13, 2014 at 12:29 PM, Rune Elvemo <[email protected]> wrote:
> I want to filter out log data from postfix using mmnormalize. > I have two template lines: > > $template postfrom, "postfix, mail id: '%mailid%', from: '%address%', > recipients: '%recipients%'\n" > $template postto, "postfix, mail id: '%mailid%', to: '%address%', status: > '%status%'\n" > > the property names are invalid. Please see the doc: http://www.rsyslog.com/doc/mmnormalize.html They must start with $! HTH Rainer > When rsyslog tries to parse it on startup I get an error: PROP_INVALID for > name 'mailid' > > I have specified a rulebase file (above the template) : > $mmnormalizeRuleBase /rsyslog/rulebase.rb > > The rules I use: > > prefix=%date:date-rfc3164% %hostname:word% > rule=from: postfix/qmgr[%notused:number%]: %mailid:word% > from=<%address:char-to:>%>, size=%notused2:word% nrcpt=%recipients:number% > %notused3:char-to:)%) > rule=to: postfix/local[%notused:number%]: %mailid:word% > to=<%address:char-to:>%>, orig_to=%notused2:word% relay=%notused3:word% > delay=%notused4:word% delays=%notused5:word% dsn=%notused6:word% > status=%status:word% %2notused3:char-to:)%) > > When I use 'lognormalizer' on a mail.log file using those filters: > [cee@115 event.tags="to" 2notused3="(delivered to mailbox" status="sent" > notused6="2.0.0\," notused5="0.09/0/0/0.03\," notused4="0.12\," > notused3="local\," notused2="<root>\," address="[email protected]" > mailid="1F11110019E:" notused="10593" hostname="bp-mta06" date="May 13 > 11:09:01"] > [cee@115 event.tags="from" notused3="(queue active" recipients="1" > notused2="1734\," address="[email protected]" mailid="1F11110019E:" > notused="10463" hostname="bp-mta06" date="May 13 11:09:01"] > > So the filters should work. > > Anyone who can help? > > Thanks. > > > -- > > Yours sincerely, > Rune Elvemo > > BITPRO > > BITPRO AS > Sjølystveien 27 > 4610 Kristiansand, Norway > > Phone: +47 47 91 71 00 > Fax: +47 47 91 71 01 > E-mail: [email protected] > Web: www.bitpro.no > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
