NAME
Log::Saftpresse::Plugin::Amavis - plugin to parse amavisd-new logs
VERSION
version 1.6
Description
This plugin parses Amavis log lines. Currently only JSON format log lines are parsed.
Synopsis
<Plugin amavis>
module = "Amavis"
test_stats = 1
</Plugin>
Options
Configure Amavis/Rsyslog for JSON output
First increase the maximum message size in rsyslog:
$MaxMessageSize 32k
Then configure your $log_templ in amavisd.conf for JSON output:
$logline_maxlen = ( 32*1024 ) - 50; # 32k max message size, keep 50 bytes for syslog
$log_templ = <<'EOD';
[:report_json]
EOD
Input
This plugin expects a log line with
'program' => 'amavis'
and an amavis report_json message like
'message' => '(04529-01) {"@timestamp":"2015-06-12T04:51:48.725Z","action":["PASS"],...}'
Output
The plugin will outout the field log_id and will copy all fields in the JSON data structure to the event.
Counters
The plugin will create the following counters:
<host>.total
<host>.content_type.<content_type>
<host>.action.<action>
<host>.size
<host>.score
If option test_stats is enabled:
<host>.tests.<test>
AUTHOR
Markus Benning <ich@markusbenning.de>
COPYRIGHT AND LICENSE
This software is Copyright (c) 1998 by James S. Seymour, 2015 by Markus Benning.
This is free software, licensed under:
The GNU General Public License, Version 2, June 1991