Add pattern to extract warnings from postfix-script loglines

whyscream · whyscream · commit 0529d6964f82 · 2023-01-31T22:11:16.000+01:00
diff --git a/50-filter-postfix.conf b/50-filter-postfix.conf
@@ -168,6 +168,13 @@ filter {
             tag_on_failure => [ "_grok_postfix_postmap_nomatch" ]
             add_tag        => [ "_grok_postfix_success" ]
         }
+    } else if [program] =~ /^postfix.*\/postfix-script$/ {
+        grok {
+            patterns_dir   => "/etc/logstash/patterns.d"
+            match          => [ "message", "^%{POSTFIX_SCRIPT}$" ]
+            tag_on_failure => [ "_grok_postfix_script_nomatch" ]
+            add_tag        => [ "_grok_postfix_success" ]
+        }
     } else if [program] =~ /^postfix.*/ {
         mutate {
             add_tag => [ "_grok_postfix_program_nomatch" ]
diff --git a/postfix.grok b/postfix.grok
@@ -138,3 +138,4 @@ POSTFIX_VIRTUAL %{POSTFIX_SMTP_DELIVERY}
 POSTFIX_ERROR %{POSTFIX_ERROR_ANY}
 POSTFIX_POSTSUPER %{POSTFIX_POSTSUPER_ACTION}|%{POSTFIX_POSTSUPER_SUMMARY}
 POSTFIX_POSTMAP %{POSTFIX_WARNING}
+POSTFIX_SCRIPT %{POSTFIX_WARNING}
diff --git a/test/script_0001.yaml b/test/script_0001.yaml
@@ -0,0 +1,5 @@
+pattern: ^%{POSTFIX_SCRIPT}$
+data: "warning: symlink leaves directory: /etc/postfix/./makedefs.out"
+results:
+    postfix_message_level: warning
+    postfix_message: "symlink leaves directory: /etc/postfix/./makedefs.out"
