Hi,
I have been working on an rsyslog filter for SpamAssassin logs but need help
with parsing.
An example log line is:
1c1B3I-0003tt-5p H=unhabell.500mail.com.br (smtp.example.com.br) [XX.XXX.XXX.XXX]:37866 Warning: "SpamAssassin as QA detected message as NOT spam (2.6)"
My parser:
rule=:%id_msg:word% H=%host:word% (%smtp:word%) [%clientip:ipv4%]:%porta:word% Warning: "%tag:word% as %usuario:word% detected message as %status_spam:word% spam (%-:number%.%-:number%)"
But when I check this parser with lognormalizer, I receive this message:
head -n1 parser.log | lognormalizer -r smtp.rb -e json
{"originalmsg": "1c1B3I-0003tt-5p H=unhabell.500mail.com.br (smtp.example.com.br) [XX.XXX.XXX.XXX]:37866 Warning: \"SpamAssassin as QA detected message as NOT spam (2.6)\"", "unparsed-data": " [XX.XXX.XXX.XXX]:37866 Warning: \"SpamAssassin as QA detected message as NOT spam (2.6)\""}
Can anyone help?
Tks!
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog