Compare Pastes

Differences between the pastes #128398 (21.10.2019 18:01) and #220909 (17.09.2021 10:34).

input {
  beats {
    port => 5044
 }
}
filter {
     grok {
      match => { "message" => "%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}" }
      overwrite => "message"
    }
mutate {
   rename => ["host", "server"]
   convert => {"server" => "string"}
}


}


filter {
    # grok log lines by program name (listed alpabetically)
    if [program] =~ /^postfix.*\/anvil$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_ANVIL}$" ]
            tag_on_failure => [ "_grok_postfix_anvil_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/bounce$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_BOUNCE}$" ]
            tag_on_failure => [ "_grok_postfix_bounce_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/cleanup$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_CLEANUP}$" ]
            tag_on_failure => [ "_grok_postfix_cleanup_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/dnsblog$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_DNSBLOG}$" ]
            tag_on_failure => [ "_grok_postfix_dnsblog_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/error$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_ERROR}$" ]
            tag_on_failure => [ "_grok_postfix_error_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/local$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_LOCAL}$" ]
            tag_on_failure => [ "_grok_postfix_local_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/master$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_MASTER}$" ]
            tag_on_failure => [ "_grok_postfix_master_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/pickup$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_PICKUP}$" ]
            tag_on_failure => [ "_grok_postfix_pickup_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/pipe$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_PIPE}$" ]
            tag_on_failure => [ "_grok_postfix_pipe_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/postdrop$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_POSTDROP}$" ]
            tag_on_failure => [ "_grok_postfix_postdrop_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/postscreen$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_POSTSCREEN}$" ]
            tag_on_failure => [ "_grok_postfix_postscreen_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/qmgr$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_QMGR}$" ]
            tag_on_failure => [ "_grok_postfix_qmgr_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/scache$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_SCACHE}$" ]
            tag_on_failure => [ "_grok_postfix_scache_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/sendmail$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_SENDMAIL}$" ]
            tag_on_failure => [ "_grok_postfix_sendmail_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/smtp$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_SMTP}$" ]
            tag_on_failure => [ "_grok_postfix_smtp_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/lmtp$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_LMTP}$" ]
            tag_on_failure => [ "_grok_postfix_lmtp_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/smtpd$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_SMTPD}$" ]
            tag_on_failure => [ "_grok_postfix_smtpd_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/postsuper$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_POSTSUPER}$" ]
            tag_on_failure => [ "_grok_postfix_postsuper_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/tlsmgr$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_TLSMGR}$" ]
            tag_on_failure => [ "_grok_postfix_tlsmgr_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/tlsproxy$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_TLSPROXY}$" ]
            tag_on_failure => [ "_grok_postfix_tlsproxy_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/trivial-rewrite$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_TRIVIAL_REWRITE}$" ]
            tag_on_failure => [ "_grok_postfix_trivial_rewrite_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/discard$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_DISCARD}$" ]
            tag_on_failure => [ "_grok_postfix_discard_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*\/virtual$/ {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => [ "message", "^%{POSTFIX_VIRTUAL}$" ]
            tag_on_failure => [ "_grok_postfix_virtual_nomatch" ]
            add_tag        => [ "_grok_postfix_success" ]
        }
    } else if [program] =~ /^postfix.*/ {
        mutate {
            add_tag => [ "_grok_postfix_program_nomatch" ]
        }
    }

    # process key-value data if it exists
    if [postfix.keyvalue_data] {
        kv {
            source       => "postfix.keyvalue_data"
            trim_value   => "<>,"
            prefix       => "postfix."
            remove_field => [ "postfix_keyvalue_data" ]
        }

        # some post processing of key-value data
        if [postfix.client] {
            grok {
                patterns_dir   => "/etc/logstash/patterns"
                match          => ["postfix.client", "^%{POSTFIX_CLIENT_INFO}$"]
                tag_on_failure => [ "_grok_kv_postfix_client_nomatch" ]
                remove_field   => [ "postfix_client" ]
            }
        }
        if [postfix.relay] {
            grok {
                patterns_dir   => "/etc/logstash/patterns"
                match          => ["postfix.relay", "^%{POSTFIX_RELAY_INFO}$"]
                tag_on_failure => [ "_grok_kv_postfix_relay_nomatch" ]
                remove_field   => [ "postfix_relay" ]
            }
        }
        if [postfix.delays] {
            grok {
                patterns_dir   => "/etc/logstash/patterns"
                match          => ["postfix.delays", "^%{POSTFIX_DELAYS}$"]
                tag_on_failure => [ "_grok_kv_postfix_delays_nomatch" ]
                remove_field   => [ "postfix_delays" ]
            }
        }
    }

    # process command counter data if it exists
    if [postfix.command_counter_data] {
        grok {
            patterns_dir   => "/etc/logstash/patterns"
            match          => ["postfix_command_counter_data", "^%{POSTFIX_COMMAND_COUNTER_DATA}$"]
            tag_on_failure => ["_grok_postfix_command_counter_data_nomatch"]
            remove_field   => ["postfix_command_counter_data"]
        }
    }

    # Do some data type conversions
    mutate {
        convert => [
            # list of integer fields
            "postfix.anvil_cache_size", "integer",
            "postfix.anvil_conn_count", "integer",
            "postfix.anvil_conn_rate", "integer",
            "postfix.client_port", "integer",
            "postfix.cmd_auth", "integer",
            "postfix.cmd_auth_accepted", "integer",
            "postfix.cmd_count", "integer",
            "postfix.cmd_count_accepted", "integer",
            "postfix.cmd_data", "integer",
            "postfix.cmd_data_accepted", "integer",
            "postfix.cmd_ehlo", "integer",
            "postfix.cmd_ehlo_accepted", "integer",
            "postfix.cmd_helo", "integer",
            "postfix.cmd_helo_accepted", "integer",
            "postfix.cmd_mail", "integer",
            "postfix.cmd_mail_accepted", "integer",
            "postfix.cmd_quit", "integer",
            "postfix.cmd_quit_accepted", "integer",
            "postfix.cmd_rcpt", "integer",
            "postfix.cmd_rcpt_accepted", "integer",
            "postfix.cmd_rset", "integer",
            "postfix.cmd_rset_accepted", "integer",
            "postfix.cmd_starttls", "integer",
            "postfix.cmd_starttls_accepted", "integer",
            "postfix.cmd_unknown", "integer",
            "postfix.cmd_unknown_accepted", "integer",
            "postfix.nrcpt", "integer",
            "postfix.postscreen_cache_dropped", "integer",
            "postfix.postscreen_cache_retained", "integer",
            "postfix.postscreen_dnsbl_rank", "integer",
            "postfix.relay_port", "integer",
            "postfix.server_port", "integer",
            "postfix.size", "integer",
            "postfix.status_code", "integer",
            "postfix.termination_signal", "integer",

            # list of float fields
            "postfix.delay", "float",
            "postfix.delay_before_qmgr", "float",
            "postfix.delay_conn_setup", "float",
            "postfix.delay_in_qmgr", "float",
            "postfix.delay_transmission", "float",
            "postfix.postscreen_violation_time", "float"
        ]
    }
mutate {
   rename => ["host", "server"]
   convert => {"server" => "string"}
}

}

output {
        elasticsearch {
            hosts    => "localhost:9200"
            index    => "postfix-%{+YYYY.MM.dd}"
        }

}



















1		input {
2		beats {
3		port => 5044
4		}
5		}
6		filter {
7		grok {
8		match => { "message" => "%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}" }
9		overwrite => "message"
10		}
11		mutate {
12		rename => ["host", "server"]
13		convert => {"server" => "string"}
14		}
15
16
17		}
18
19
20		filter {
21		# grok log lines by program name (listed alpabetically)
22		if [program] =~ /^postfix.*\/anvil$/ {
23		grok {
24		patterns_dir => "/etc/logstash/patterns"
25		match => [ "message", "^%{POSTFIX_ANVIL}$" ]
26		tag_on_failure => [ "_grok_postfix_anvil_nomatch" ]
27		add_tag => [ "_grok_postfix_success" ]
28		}
29		} else if [program] =~ /^postfix.*\/bounce$/ {
30		grok {
31		patterns_dir => "/etc/logstash/patterns"
32		match => [ "message", "^%{POSTFIX_BOUNCE}$" ]
33		tag_on_failure => [ "_grok_postfix_bounce_nomatch" ]
34		add_tag => [ "_grok_postfix_success" ]
35		}
36		} else if [program] =~ /^postfix.*\/cleanup$/ {
37		grok {
38		patterns_dir => "/etc/logstash/patterns"
39		match => [ "message", "^%{POSTFIX_CLEANUP}$" ]
40		tag_on_failure => [ "_grok_postfix_cleanup_nomatch" ]
41		add_tag => [ "_grok_postfix_success" ]
42		}
43		} else if [program] =~ /^postfix.*\/dnsblog$/ {
44		grok {
45		patterns_dir => "/etc/logstash/patterns"
46		match => [ "message", "^%{POSTFIX_DNSBLOG}$" ]
47		tag_on_failure => [ "_grok_postfix_dnsblog_nomatch" ]
48		add_tag => [ "_grok_postfix_success" ]
49		}
50		} else if [program] =~ /^postfix.*\/error$/ {
51		grok {
52		patterns_dir => "/etc/logstash/patterns"
53		match => [ "message", "^%{POSTFIX_ERROR}$" ]
54		tag_on_failure => [ "_grok_postfix_error_nomatch" ]
55		add_tag => [ "_grok_postfix_success" ]
56		}
57		} else if [program] =~ /^postfix.*\/local$/ {
58		grok {
59		patterns_dir => "/etc/logstash/patterns"
60		match => [ "message", "^%{POSTFIX_LOCAL}$" ]
61		tag_on_failure => [ "_grok_postfix_local_nomatch" ]
62		add_tag => [ "_grok_postfix_success" ]
63		}
64		} else if [program] =~ /^postfix.*\/master$/ {
65		grok {
66		patterns_dir => "/etc/logstash/patterns"
67		match => [ "message", "^%{POSTFIX_MASTER}$" ]
68		tag_on_failure => [ "_grok_postfix_master_nomatch" ]
69		add_tag => [ "_grok_postfix_success" ]
70		}
71		} else if [program] =~ /^postfix.*\/pickup$/ {
72		grok {
73		patterns_dir => "/etc/logstash/patterns"
74		match => [ "message", "^%{POSTFIX_PICKUP}$" ]
75		tag_on_failure => [ "_grok_postfix_pickup_nomatch" ]
76		add_tag => [ "_grok_postfix_success" ]
77		}
78		} else if [program] =~ /^postfix.*\/pipe$/ {
79		grok {
80		patterns_dir => "/etc/logstash/patterns"
81		match => [ "message", "^%{POSTFIX_PIPE}$" ]
82		tag_on_failure => [ "_grok_postfix_pipe_nomatch" ]
83		add_tag => [ "_grok_postfix_success" ]
84		}
85		} else if [program] =~ /^postfix.*\/postdrop$/ {
86		grok {
87		patterns_dir => "/etc/logstash/patterns"
88		match => [ "message", "^%{POSTFIX_POSTDROP}$" ]
89		tag_on_failure => [ "_grok_postfix_postdrop_nomatch" ]
90		add_tag => [ "_grok_postfix_success" ]
91		}
92		} else if [program] =~ /^postfix.*\/postscreen$/ {
93		grok {
94		patterns_dir => "/etc/logstash/patterns"
95		match => [ "message", "^%{POSTFIX_POSTSCREEN}$" ]
96		tag_on_failure => [ "_grok_postfix_postscreen_nomatch" ]
97		add_tag => [ "_grok_postfix_success" ]
98		}
99		} else if [program] =~ /^postfix.*\/qmgr$/ {
100		grok {
101		patterns_dir => "/etc/logstash/patterns"
102		match => [ "message", "^%{POSTFIX_QMGR}$" ]
103		tag_on_failure => [ "_grok_postfix_qmgr_nomatch" ]
104		add_tag => [ "_grok_postfix_success" ]
105		}
106		} else if [program] =~ /^postfix.*\/scache$/ {
107		grok {
108		patterns_dir => "/etc/logstash/patterns"
109		match => [ "message", "^%{POSTFIX_SCACHE}$" ]
110		tag_on_failure => [ "_grok_postfix_scache_nomatch" ]
111		add_tag => [ "_grok_postfix_success" ]
112		}
113		} else if [program] =~ /^postfix.*\/sendmail$/ {
114		grok {
115		patterns_dir => "/etc/logstash/patterns"
116		match => [ "message", "^%{POSTFIX_SENDMAIL}$" ]
117		tag_on_failure => [ "_grok_postfix_sendmail_nomatch" ]
118		add_tag => [ "_grok_postfix_success" ]
119		}
120		} else if [program] =~ /^postfix.*\/smtp$/ {
121		grok {
122		patterns_dir => "/etc/logstash/patterns"
123		match => [ "message", "^%{POSTFIX_SMTP}$" ]
124		tag_on_failure => [ "_grok_postfix_smtp_nomatch" ]
125		add_tag => [ "_grok_postfix_success" ]
126		}
127		} else if [program] =~ /^postfix.*\/lmtp$/ {
128		grok {
129		patterns_dir => "/etc/logstash/patterns"
130		match => [ "message", "^%{POSTFIX_LMTP}$" ]
131		tag_on_failure => [ "_grok_postfix_lmtp_nomatch" ]
132		add_tag => [ "_grok_postfix_success" ]
133		}
134		} else if [program] =~ /^postfix.*\/smtpd$/ {
135		grok {
136		patterns_dir => "/etc/logstash/patterns"
137		match => [ "message", "^%{POSTFIX_SMTPD}$" ]
138		tag_on_failure => [ "_grok_postfix_smtpd_nomatch" ]
139		add_tag => [ "_grok_postfix_success" ]
140		}
141		} else if [program] =~ /^postfix.*\/postsuper$/ {
142		grok {
143		patterns_dir => "/etc/logstash/patterns"
144		match => [ "message", "^%{POSTFIX_POSTSUPER}$" ]
145		tag_on_failure => [ "_grok_postfix_postsuper_nomatch" ]
146		add_tag => [ "_grok_postfix_success" ]
147		}
148		} else if [program] =~ /^postfix.*\/tlsmgr$/ {
149		grok {
150		patterns_dir => "/etc/logstash/patterns"
151		match => [ "message", "^%{POSTFIX_TLSMGR}$" ]
152		tag_on_failure => [ "_grok_postfix_tlsmgr_nomatch" ]
153		add_tag => [ "_grok_postfix_success" ]
154		}
155		} else if [program] =~ /^postfix.*\/tlsproxy$/ {
156		grok {
157		patterns_dir => "/etc/logstash/patterns"
158		match => [ "message", "^%{POSTFIX_TLSPROXY}$" ]
159		tag_on_failure => [ "_grok_postfix_tlsproxy_nomatch" ]
160		add_tag => [ "_grok_postfix_success" ]
161		}
162		} else if [program] =~ /^postfix.*\/trivial-rewrite$/ {
163		grok {
164		patterns_dir => "/etc/logstash/patterns"
165		match => [ "message", "^%{POSTFIX_TRIVIAL_REWRITE}$" ]
166		tag_on_failure => [ "_grok_postfix_trivial_rewrite_nomatch" ]
167		add_tag => [ "_grok_postfix_success" ]
168		}
169		} else if [program] =~ /^postfix.*\/discard$/ {
170		grok {
171		patterns_dir => "/etc/logstash/patterns"
172		match => [ "message", "^%{POSTFIX_DISCARD}$" ]
173		tag_on_failure => [ "_grok_postfix_discard_nomatch" ]
174		add_tag => [ "_grok_postfix_success" ]
175		}
176		} else if [program] =~ /^postfix.*\/virtual$/ {
177		grok {
178		patterns_dir => "/etc/logstash/patterns"
179		match => [ "message", "^%{POSTFIX_VIRTUAL}$" ]
180		tag_on_failure => [ "_grok_postfix_virtual_nomatch" ]
181		add_tag => [ "_grok_postfix_success" ]
182		}
183		} else if [program] =~ /^postfix.*/ {
184		mutate {
185		add_tag => [ "_grok_postfix_program_nomatch" ]
186		}
187		}
188
189		# process key-value data if it exists
190		if [postfix.keyvalue_data] {
191		kv {
192		source => "postfix.keyvalue_data"
193		trim_value => "<>,"
194		prefix => "postfix."
195		remove_field => [ "postfix_keyvalue_data" ]
196		}
197
198		# some post processing of key-value data
199		if [postfix.client] {
200		grok {
201		patterns_dir => "/etc/logstash/patterns"
202		match => ["postfix.client", "^%{POSTFIX_CLIENT_INFO}$"]
203		tag_on_failure => [ "_grok_kv_postfix_client_nomatch" ]
204		remove_field => [ "postfix_client" ]
205		}
206		}
207		if [postfix.relay] {
208		grok {
209		patterns_dir => "/etc/logstash/patterns"
210		match => ["postfix.relay", "^%{POSTFIX_RELAY_INFO}$"]
211		tag_on_failure => [ "_grok_kv_postfix_relay_nomatch" ]
212		remove_field => [ "postfix_relay" ]
213		}
214		}
215		if [postfix.delays] {
216		grok {
217		patterns_dir => "/etc/logstash/patterns"
218		match => ["postfix.delays", "^%{POSTFIX_DELAYS}$"]
219		tag_on_failure => [ "_grok_kv_postfix_delays_nomatch" ]
220		remove_field => [ "postfix_delays" ]
221		}
222		}
223		}
224
225		# process command counter data if it exists
226		if [postfix.command_counter_data] {
227		grok {
228		patterns_dir => "/etc/logstash/patterns"
229		match => ["postfix_command_counter_data", "^%{POSTFIX_COMMAND_COUNTER_DATA}$"]
230		tag_on_failure => ["_grok_postfix_command_counter_data_nomatch"]
231		remove_field => ["postfix_command_counter_data"]
232		}
233		}
234
235		# Do some data type conversions
236		mutate {
237		convert => [
238		# list of integer fields
239		"postfix.anvil_cache_size", "integer",
240		"postfix.anvil_conn_count", "integer",
241		"postfix.anvil_conn_rate", "integer",
242		"postfix.client_port", "integer",
243		"postfix.cmd_auth", "integer",
244		"postfix.cmd_auth_accepted", "integer",
245		"postfix.cmd_count", "integer",
246		"postfix.cmd_count_accepted", "integer",
247		"postfix.cmd_data", "integer",
248		"postfix.cmd_data_accepted", "integer",
249		"postfix.cmd_ehlo", "integer",
250		"postfix.cmd_ehlo_accepted", "integer",
251		"postfix.cmd_helo", "integer",
252		"postfix.cmd_helo_accepted", "integer",
253		"postfix.cmd_mail", "integer",
254		"postfix.cmd_mail_accepted", "integer",
255		"postfix.cmd_quit", "integer",
256		"postfix.cmd_quit_accepted", "integer",
257		"postfix.cmd_rcpt", "integer",
258		"postfix.cmd_rcpt_accepted", "integer",
259		"postfix.cmd_rset", "integer",
260		"postfix.cmd_rset_accepted", "integer",
261		"postfix.cmd_starttls", "integer",
262		"postfix.cmd_starttls_accepted", "integer",
263		"postfix.cmd_unknown", "integer",
264		"postfix.cmd_unknown_accepted", "integer",
265		"postfix.nrcpt", "integer",
266		"postfix.postscreen_cache_dropped", "integer",
267		"postfix.postscreen_cache_retained", "integer",
268		"postfix.postscreen_dnsbl_rank", "integer",
269		"postfix.relay_port", "integer",
270		"postfix.server_port", "integer",
271		"postfix.size", "integer",
272		"postfix.status_code", "integer",
273		"postfix.termination_signal", "integer",
274
275		# list of float fields
276		"postfix.delay", "float",
277		"postfix.delay_before_qmgr", "float",
278		"postfix.delay_conn_setup", "float",
279		"postfix.delay_in_qmgr", "float",
280		"postfix.delay_transmission", "float",
281		"postfix.postscreen_violation_time", "float"
282		]
283		}
284		mutate {
285		rename => ["host", "server"]
286		convert => {"server" => "string"}
287		}
288
289		}
290
291		output {
292		elasticsearch {
293		hosts => "localhost:9200"
294		index => "postfix-%{+YYYY.MM.dd}"
295		}
296
297		}
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315