-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing "discarding EHLO keywords" #205
Comments
I'm not really seeing a pattern here: it's just a message. Using a pattern to parse the line can separate the keywords from the |
I wasn't looking for a structured form, but mostly not losing the message because of a missing pattern. While this is just informational, it might help in case people report problems. I did it similar to what POSTFIX_QMGR_INFO is doing. Which might be a case for a named capture too? |
Just wondering: your message should never be lost, right? It's already there, normally (i.e. basic syslog format), looking something like: Your PR proposes to 'enhance' the pristine message with a single new field |
The message stems from a security workaround that was introduced early this year. While you are right that it only duplicates the message, I'd want it to be set similar to the rest of the postfix_message attributes that are already in use and not get tagged a _grok_postfix_smtpd_nomatch. If you have a table of postfix data in Kibana, you might not want to have the regular message field in there. Or you might want to have a graph of postfix_message counts by type to see if something is off. |
I have found a missing message:
Since this might help identify issues, do we want to add this to the patterns in some form?
http://www.postfix.org/BDAT_README.html
The text was updated successfully, but these errors were encountered: