Postfix¶
Description¶
Product: Postfix
Log type(s): mx
Log sample¶
Parsing strategy¶
- Check if the log starts with a Postfix header: [postfix/qmgr[11981]] (where [qmgr] is [[app][name]])
- A [switch/case] on [[app][name]]
- A grok pattern dedicated to each [[app][name]] (the grok file is [punch/patterns/postfix.grok])
- The binding to normalized fields
Note: The grok variable mapping is [document:[init][group][name]] \<=> [%{USERNAME:init_group_name}]