/
postfix.mtail
165 lines (138 loc) · 6.01 KB
/
postfix.mtail
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
# vim:ts=2:sw=2:et:ai:sts=2:cinoptions=(0
# Copyright 2017 Martín Ferrari <tincho@tincho.org>. All Rights Reserved.
# This file is available under the Apache license.
# Multi-instance support Copyright 2019 <ale@incal.net>.
# Syslog parser for Postfix, based on the parsing rules from:
# https://github.com/kumina/postfix_exporter
# Copyright 2017 Kumina, https://kumina.nl/
# Available under the Apache license.
#const DELIVERY_DELAY_LINE /.*, relay=(?P<relay>\S+), .*,/ +
# / delays=(?P<bqm>[0-9\.]+)\/(?P<qm>[0-9\.]+)\/(?P<cs>[0-9\.]+)\/(?P<tx>[0-9\.]+),\s/
const SMTP_TLS_LINE /(\S+) TLS connection established to \S+: (\S+) with cipher (\S+) \((\d+)\/(\d+) bits\)/
const SMTPD_TLS_LINE /(\S+) TLS connection established from \S+: (\S+) with cipher (\S+) \((\d+)\/(\d+) bits\)/
#const QMGR_INSERT_LINE /:.*, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)/
const QMGR_REMOVE_LINE /: removed$/
def syslog {
/^(?P<date>(?P<legacy_date>\w+\s+\d+\s+\d+:\d+:\d+)|(?P<rfc3339_date>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+[-+]\d{2}:\d{2}))/ + /\s+(?:\w+@)?(?P<hostname>[-\w\.\/]+)\s+/ {
len($legacy_date) > 0 {
strptime($2, "Jan _2 15:04:05")
}
len($rfc3339_date) > 0 {
strptime($rfc3339_date, "2006-01-02T15:04:05.000000-07:00")
}
next
}
}
# Total number of messages processed by cleanup.
counter postfix_cleanup_messages_processed_total by postfix_instance
# Total number of messages rejected by cleanup.
counter postfix_cleanup_messages_rejected_total by postfix_instance
# Total number of messages removed from mail queues.
counter postfix_qmgr_messages_removed_total by postfix_instance
# Total number of SMTP attempted deliveries by status.
counter postfix_smtp_deliveries by postfix_instance, status
# Total number of outgoing TLS connections.
counter postfix_smtp_tls_connections_total by postfix_instance, trust, protocol, cipher, secret_bits, algorithm_bits
# Total number of incoming connections.
counter postfix_smtpd_connects_total by postfix_instance
# Total number of incoming disconnections.
counter postfix_smtpd_disconnects_total by postfix_instance
# Total number of connections for which forward-confirmed DNS cannot be resolved.
counter postfix_smtpd_forward_confirmed_reverse_dns_errors_total by postfix_instance
# Total number of connections lost.
counter postfix_smtpd_connections_lost_total by postfix_instance, after_stage
# Total number of messages processed.
counter postfix_smtpd_messages_processed_total by postfix_instance
# Total number of rejects (NOQUEUE and others).
counter postfix_smtpd_messages_rejected_total by postfix_instance, code
# Total number of rejects due to rate limiting.
counter postfix_smtpd_messages_ratelimited_total by postfix_instance
# Total number of SASL authentication failures.
counter postfix_smtpd_sasl_authentication_failures_total by postfix_instance
# Total number of incoming TLS connections.
counter postfix_smtpd_tls_connections_total by postfix_instance, trust, protocol, cipher, secret_bits, algorithm_bits
# Total number of unrecognized log lines
counter postfix_unsupported_log_entries_total by postfix_instance, service
# Spamassassin classification counters (ham/spam).
counter spamassassin_ham_total
counter spamassassin_spam_total
@syslog {
/(?P<postfix_instance>postfix[-a-z]*)\/(?P<service>[-a-z\/]+)\[/ {
$service == "cleanup" {
/: message-id=</ {
postfix_cleanup_messages_processed_total[$postfix_instance]++
}
/: reject: / {
postfix_cleanup_messages_rejected_total[$postfix_instance]++
}
}
$service == "qmgr" {
#// + QMGR_INSERT_LINE {
# postfix_qmgr_messages_inserted_recipients[$postfix_instance] = $nrcpt
# postfix_qmgr_messages_inserted_size_bytes[$postfix_instance] = $size
# }
// + QMGR_REMOVE_LINE {
postfix_qmgr_messages_removed_total[$postfix_instance]++
}
}
$service =~ /smtp$/ {
#// + DELIVERY_DELAY_LINE {
# # 1st field: before_queue_manager
# postfix_smtp_delivery_delay_seconds[$postfix_instance]["before_queue_manager"] = $bqm
#
# # 2nd field: queue_manager
# postfix_smtp_delivery_delay_seconds[$postfix_instance]["queue_manager"] = $qm
#
## 3rd field: connection_setup
#postfix_smtp_delivery_delay_seconds[$postfix_instance]["connection_setup"] = $cs
#
## 4th field: transmission
#postfix_smtp_delivery_delay_seconds[$postfix_instance]["transmission"] = $tx
#}
/status=(?P<status>\w+)/ {
postfix_smtp_deliveries[$postfix_instance][$status]++
}
// + SMTP_TLS_LINE {
postfix_smtp_tls_connections_total[$postfix_instance][$1][$2][$3][$4][$5]++
}
}
$service == "smtpd" {
/ connect from / {
postfix_smtpd_connects_total[$postfix_instance]++
}
/ disconnect from / {
postfix_smtpd_disconnects_total[$postfix_instance]++
}
/ warning: hostname \S+ does not resolve to address / {
postfix_smtpd_forward_confirmed_reverse_dns_errors_total[$postfix_instance]++
}
/ lost connection after (\w+) from / {
postfix_smtpd_connections_lost_total[$postfix_instance][$1]++
}
/: client=/ {
postfix_smtpd_messages_processed_total[$postfix_instance]++
}
/: reject: RCPT from \S+: (\d+) / {
postfix_smtpd_messages_rejected_total[$postfix_instance][$1]++
/ Rate limit / {
postfix_smtpd_messages_ratelimited_total[$postfix_instance]++
}
}
/warning: \S+: SASL \S+ authentication failed: / {
postfix_smtpd_sasl_authentication_failures_total[$postfix_instance]++
}
// + SMTPD_TLS_LINE {
postfix_smtpd_tls_connections_total[$postfix_instance][$1][$2][$3][$4][$5]++
}
}
otherwise {
postfix_unsupported_log_entries_total[$postfix_instance][$service]++
}
}
/spamd: clean message \((?P<score>[0-9.]+)\/[0-9.]+\) for/ {
spamassassin_ham_total++
}
/spamd: identified spam \((?P<score>[0-9.]+)\/[0-9.]+\) for/ {
spamassassin_spam_total++
}
}