forked from eltrai/dovecot-grok-patterns
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdovecot.grok
40 lines (33 loc) · 2.12 KB
/
dovecot.grok
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Utilities
GREEDYDATA_NO_COLON [^:]*
GREEDYDATA_NO_COMMA [^,]*
GREEDYDATA_RESTRICTIVE [^<>: ,]*
# Keywords
STORED stored
SAVED saved
IMAP imap
LMTP lmtp
# General patterns
DOVECOT_PROTOCOL %{IMAP}|%{LMTP}
DOVECOT_AUTHENTICATED_PREFIX \(%{EMAILADDRESS:[dovecot][user]}\)<%{INT:[dovecot][mpid]}><%{DATA:[dovecot][session]}>:
DOVECOT_ANONYMOUS_PREFIX \(%{INT:[dovecot][mpid]}\):
DOVECOT_PREFIX %{DOVECOT_AUTHENTICATED_PREFIX}|%{DOVECOT_ANONYMOUS_PREFIX}
DOVECOT_SAVED_MAIL %{SAVED:[dovecot][action]} mail to %{DATA:[dovecot][mailbox]}
DOVECOT_STORE_MAIL %{STORED:[dovecot][action]} mail into mailbox '%{DATA:[dovecot][mailbox]}'
# Master template
DOVECOT_MASTER master: (%{LOGLEVEL:[dovecot][loglevel]}: )?%{GREEDYDATA:[dovecot][message]}
# Login template
DOVECOT_DISCONNECT_REASON (Disconnected: %{GREEDYDATA_NO_COLON:[dovecot][disconnect_reason]}|Disconnected \(%{GREEDYDATA_NO_COLON:[dovecot][disconnect_reason]}\)|%{GREEDYDATA_NO_COLON:[dovecot][disconnect_reason]})
DOVECOT_LOGIN %{DOVECOT_PROTOCOL:[dovecot][protocol]}-login: (Login|%{DOVECOT_DISCONNECT_REASON}): %{DATA:[dovecot][keyvalue_data]}, (TLS(:? %{GREEDYDATA_NO_COMMA:[dovecot][tls_message]})?, )?session=<%{DATA:[dovecot][session]}>
# IMAP template
DOVECOT_IMAP_STATISTICS in=%{INT} out=%{INT}%{GREEDYDATA_NO_COLON}$
DOVECOT_IMAP %{IMAP:[dovecot][protocol]}%{DOVECOT_PREFIX} %{GREEDYDATA:[dovecot][disconnect_reason]} %{DOVECOT_IMAP_STATISTICS:[dovecot][keyvalue_data]}
# LMTP template
DOVECOT_LMTP_MESSAGE_CONNECT Connect from local
DOVECOT_LMTP_MESSAGE_DISCONNECT Disconnect from local: %{GREEDYDATA:[dovecot][disconnect_reason]}
DOVECOT_LMTP_MESSAGE_SAVED msgid=<?%{GREEDYDATA_RESTRICTIVE:[dovecot][msgid]}>?: %{DOVECOT_SAVED_MAIL}
DOVECOT_LMTP_MESSAGE_SIEVE sieve: msgid=(\? )?<?%{GREEDYDATA_RESTRICTIVE:[dovecot][msgid]}>?: (%{GREEDYDATA}: )?%{DOVECOT_STORE_MAIL}
DOVECOT_LMTP_MESSAGE %{DOVECOT_LMTP_MESSAGE_CONNECT}|%{DOVECOT_LMTP_MESSAGE_DISCONNECT}|%{DOVECOT_LMTP_MESSAGE_SIEVE}|%{DOVECOT_LMTP_MESSAGE_SAVED}
DOVECOT_LMTP %{LMTP:[dovecot][protocol]}%{DOVECOT_PREFIX} %{DOVECOT_LMTP_MESSAGE}
# Everything together
DOVECOT %{DOVECOT_MASTER}|%{DOVECOT_LOGIN}|%{DOVECOT_IMAP}|%{DOVECOT_LMTP}