Hub configuration

More info

mailscanner-logs Log Parser

« mailscanner-logs »
v0.1 by cbrandlehner
Log parser

Parse MailScanner logs (spam and blacklist)

Installation

cscli parsers install cbrandlehner/mailscanner-logs

YAML Configuration

1name: cbrandlehner/mailscanner-logs
2description: Parse MailScanner logs (spam and blacklist)
3onsuccess: next_stage
4filter: "evt.Parsed.program == 'MailScanner'"
5nodes:
6  - grok:
7      pattern: 'Message %{NOTSPACE:message_id} from %{IP:source_ip} \(%{EMAILADDRESS:from_email}\) to %{NOTSPACE:to_domain} is spam.*(score|Wertung)=%{NUMBER:spam_score}'
8      apply_on: message
9    statics:
10      - meta: log_type
11        value: mailscanner_spam
12      - parsed: spam_score
13        expression: float(evt.Parsed.spam_score)
14  - grok:
15      pattern: 'Message %{NOTSPACE:message_id} from %{IP:source_ip} \(%{EMAILADDRESS:from_email}\) to %{NOTSPACE:to_domain} is spam \(%{WORD:spam_reason}\)'
16      apply_on: message
17    statics:
18      - meta: log_type
19        value: mailscanner_blacklist
20      - parsed: spam_reason
21        expression: evt.Parsed.spam_reason
22
23statics:
24  - meta: source_ip
25    expression: evt.Parsed.source_ip
26

Hub configuration

« mailscanner-logs »v0.1 by cbrandlehnerLog parser

« mailscanner-logs »
v0.1 by cbrandlehner
Log parser