It parses postfix log entries.
const parser = require('postfix-parser');
Each postfix program (smtp/qmgr/cleanup/etc..) has its own format. See the test file for complete examples.
Call with a syslog line:
parser.asObject('Jul 5 06:52:11 mx1 postfix/qmgr[20459]: 3mPVKl...');
Returns an object:
{
date: 'Jul 5 06:52:11',
host: 'prd-mx1',
prog: 'postfix/qmgr',
pid: '20459',
qid: '3mPVKl0Mhjz7sXv',
size: '2666',
nrcpt: '2',
}requires two positional arguments:
- type (see Parser Types)
- a single line syslog entry (or snippet)
asObjectType is most useful when the log lines have already been partially parsed, such as by Logstash.
var parsed = parser.asObject('syslog', data);
if (!parsed) {
// unparseable syslog line
return;
}
if (!/^postfix/.test(parsed.prog)) {
// not a postfix line
return;
}
var msg = parser.asObject(parsed.prog, parsed.msg);msg is an object of parsed.prog type (see examples below)
asObject(
'syslog',
'Jul 5 06:52:11 prd-mx1 postfix/qmgr[20459]: 3mPVKl0Mhjz7sXv: from=<>, size=2666, nrcpt=2 (queue active)'
);Returns:
{
date: 'Jul 5 06:52:11',
host: 'prd-mx1',
prog: 'postfix/qmgr',
pid: '20459',
msg: '3mPVKl0Mhjz7sXv: from=<>, size=2666, nrcpt=2 (queue active)',
}This is comparable to what you'd already have in Elasticsearch if you had imported your logs using Logstash.
asObject('3mPVKl0Mhjz7sXv: from=<>, size=2666, nrcpt=2 (queue active)');Returns:
{
qid: '3mPVKl0Mhjz7sXv',
from: ''
size: '2666',
nrcpt: '2',
}asObject('3mPVKl0Mhjz7sXv: to=<sam.bck@example.org>, relay=mafm.example.org[24.100.200.21]:25, conn_use=2, delay=1.2, delays=0.76/0.01/0.09/0.34, dsn=2.0.0, status=sent (250 2.0.0 t5UI2nBt018923-t5UI2nBw018923 Message accepted for delivery)');Returns:
{
qid: '3mPVKl0Mhjz7sXv',
to: 'sam.bck@example.org',
relay: 'mafm.example.org[24.100.200.21]:25',
conn_use: '2',
delay: '1.2',
delays: '0.76/0.01/0.09/0.34',
dsn: '2.0.0',
status: 'sent (250 2.0.0 t5UI2nBt018923-t5UI2nBw018923 Message accepted for delivery)',
}asObject('3mKxs35RQsz7sXF: message-id=<3mKxs308vpz7sXd@mx14.example.net>');Returns:
{
qid: '3mKxs35RQsz7sXF',
'message-id': '3mKxs308vpz7sXd@mx14.example.net',
}asObject('3mJddz5fh3z7sdM: to=<rcarey@example.tv>, relay=none, delay=165276, delays=165276/0.09/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 24.200.177.247[24.200.177.247]:25: Connection timed out)')Returns:
{
qid: '3mJddz5fh3z7sdM',
to: 'rcarey@example.tv',
relay: 'none',
delay: '165276',
delays: '165276/0.09/0/0.09',
dsn: '4.4.1',
status: 'deferred (delivery temporarily suspended: connect to 24.200.177.247[24.200.177.247]:25: Connection timed out)',
}asObject('3mKxY750hmz7scK: sender non-delivery notification: 3mKxYH0vl4z7sWS')Returns:
{
qid: '3mKxY750hmz7scK',
dsnQid: '3mKxYH0vl4z7sWS',
}asObject('statistics: domain lookup hits=0 miss=3 success=0%')Returns:
{
statistics: 'domain lookup hits=0 miss=3 success=0%',
}asObject('3mKxs308vpz7sXd: uid=1206 from=<system>')Returns:
{
qid: '3mKxs308vpz7sXd',
'uid': '1206',
from: 'system',
}asObject('3mLQKH6hqhz7sWK: to=<logspam@system.alerts>, relay=local, delay=3.1, delays=1.8/0.86/0/0.44, dsn=2.0.0, status=sent (forwarded as 3mLQKK4rDdz7sVS)')Returns:
{
qid: '3mLQKH6hqhz7sWK',
to: 'logspam@system.alerts',
relay: 'local',
delay: '3.1',
delays: '1.8/0.86/0/0.44',
dsn: '2.0.0',
status: 'forwarded',
forwardedAs: '3mLQKK4rDdz7sVS',
}See log-ship-elastic-postfix for an example of combining all log entries for a single message into a normalized document.
Copyright 2015 by eFolder, Inc.