Add context to Splunk 'source' #16
Comments
PR merged. For setting the Splunk source field of imapped reports, I think we best combine imap2dir and dir2splunk into a new class "rfc822tosplunk".
Does it matter which email RFC is mentioned (822, 2822, 5322)? I do not have access to IMAP, so I cannot test any code against actual reports. Should the dmarc code be maintained in a different repository, and merged into TA-dmarc periodically?
I committed some initial DKIM stuff in the rfc822tosplunk branch a while ago. It works with the current code and emits only log messages now. Regarding IMAP testing: You can set up a local Dovecot IMAP server to which you copy some dmarc mails.
I recommend adding available email and/or file data for the Splunk 'source' for all processed files, if possible. Below is one possible option.
IMAP
Directory