Log::Saftpresse::Plugin::Amavis - plugin to parse amavisd-new logs
version 1.5
This plugin parses Amavis log lines. Currently only JSON format log lines are parsed.
<Plugin amavis> module = "Amavis" test_stats = 1 </Plugin>
Enable/disable generation of a counter per spam/ham test.
First increase the maximum message size in rsyslog:
$MaxMessageSize 32k
Then configure your $log_templ in amavisd.conf for JSON output:
$logline_maxlen = ( 32*1024 ) - 50; # 32k max message size, keep 50 bytes for syslog $log_templ = <<'EOD'; [:report_json] EOD
This plugin expects a log line with
'program' => 'amavis'
and an amavis report_json message like
'message' => '(04529-01) {"@timestamp":"2015-06-12T04:51:48.725Z","action":["PASS"],...}'
The plugin will outout the field log_id and will copy all fields in the JSON data structure to the event.
The plugin will create the following counters:
<host>.total <host>.content_type.<content_type> <host>.action.<action> <host>.size <host>.score
If option test_stats is enabled:
<host>.tests.<test>
Markus Benning <ich@markusbenning.de>
This software is Copyright (c) 1998 by James S. Seymour, 2015 by Markus Benning.
This is free software, licensed under:
The GNU General Public License, Version 2, June 1991
To install Log::Saftpresse, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Log::Saftpresse
CPAN shell
perl -MCPAN -e shell install Log::Saftpresse
For more information on module installation, please visit the detailed CPAN module installation guide.