Re: [exim] Analysis of Exim Log data

Author: Jon Gerdes
Date:  
To: exim-users@exim.org
Subject: Re: [exim] Analysis of Exim Log data
On Tue, 2016-08-16 at 16:16 +0000, Robert Bannocks wrote:
> Hi,
>
> Are there any tools available to process Exim log data?  I am looking
> to take the log files and produce a data set with one row per message
> with columns including the following information: message size, id,
> incoming host, incoming ip address, to and from address as they arrive
> at Exim (prior to expansion), protocol, port; there could be other
> information that is useful.  I would rather not re-invent the wheel
> and write a perl or python script.   Can anyone assist?
>
> Best
>
> Rob
Rob

Given your requirements as stated, ELK etc. will be overkill.  I assume
that you basically need the contents of the "<=" log lines.  The format
of these is pretty well documented and is essentially a series of key
value pairs, although the H= for example is a right pain to parse due
to the numerous formats that appear depending on DNS lookups.

I would then send the logs through something like rsyslog and use that
to parse and output the fields you need to a separate file or even a
database. You can obviously send the "raw" logs to the usual place as
well.

Note that you may have multiple recipients and that some information
that you might want in the future will only be available within some
custom ACL.  These things rapidly spiral out of control!

Before you know where you are you'll need a correlator but if you stick
to your original request you'll be fine.

You could add a logwrite at strategic point(s) in your config which
outputs all the fields you want via expansion variables, with a special
code at the start which rsyslog selects for and dumps elsewhere.

Cheers
Jon

Blueloop Ltd
01460 271055
https://www.blueloop.net
Blueloop House, Ilchester Road, YEOVIL, BA21 3AA Registered England & Wales - 3981322
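The "<=" lines Jon describes really are key=value pairs with one awkward field, the H= host part, which varies with whether reverse DNS succeeded and whether a HELO name was recorded. The following script is an added example, not code from the original thread or from the Exim project: it turns a main log into the one-row-per-message table Rob asked for. The log lines in SAMPLE_LOG are constructed for the example (RFC 5737 documentation addresses, made-up message IDs); they assume the `+incoming_interface`, `+incoming_port` and `+received_recipients` log selectors are enabled, since that is where the port and recipient columns come from. Lines for deliveries ("=>"), completions and so on are skipped.

```python
import csv
import io
import re
from dataclasses import dataclass, field, asdict
from typing import Dict, List, Optional

# Constructed sample of Exim main-log lines (not real traffic). The last line is a
# delivery ("=>") line and should be ignored by the parser.
SAMPLE_LOG = """\
2016-08-16 16:16:01 1bZfHn-0003Kp-6y <= rob@example.org H=mail.example.org (smtp.example.org) [192.0.2.10]:47211 I=[198.51.100.5]:25 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 S=4721 id=20160816161601.GA1234@example.org T="Analysis of Exim Log data" for exim-users@example.net
2016-08-16 16:16:05 1bZfHr-0003Ks-Ab <= <> H=[203.0.113.77] P=esmtp S=1210 for postmaster@example.net
2016-08-16 16:16:09 1bZfHv-0003Kw-Ce <= alice@example.com H=(helo.example.com) [198.51.100.200] P=smtp S=988 id=abc@example.com for bob@example.net carol@example.net
2016-08-16 16:16:12 1bZfHy-0003Kz-Fg <= root U=root P=local S=301
2016-08-16 16:16:14 1bZfI0-0003L1-Hi => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.20]
"""

# Timestamp (optionally with timezone and "[pid]"), Exim message id (6-6-2 base62),
# "<=", the envelope sender ("<>" for bounces), then everything else.
ARRIVAL_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?: [+-]\d{4})?)(?: \[\d+\])? '
    r'(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) <= '
    r'(?P<sender><>|\S+)(?P<rest>.*)$')
# H= is the painful one: "host (helo) [ip]:port" where host, helo and port are each
# optional, so the only mandatory piece is the bracketed IP address.
HOST_RE = re.compile(
    r' H=(?:(?P<host>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?')
IFACE_RE = re.compile(r' I=\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?')
# Plain KEY=VALUE tokens; the value may be a quoted string (T="subject with spaces").
TOKEN_RE = re.compile(r'(?P<key>[A-Za-z]+)=(?P<val>"(?:[^"\\]|\\.)*"|\S+)')
# Trailing recipient list. Excluding '"' stops a " for " inside a quoted subject matching.
FOR_RE = re.compile(r' for (?P<rcpts>[^"]+)$')


@dataclass
class InboundMessage:
    timestamp: str
    exim_id: str
    sender: str                      # envelope sender as received, before any rewriting
    host: Optional[str] = None       # reverse-DNS name, absent when lookup failed
    helo: Optional[str] = None       # HELO/EHLO name as the client sent it
    ip: Optional[str] = None
    remote_port: Optional[int] = None
    interface_ip: Optional[str] = None
    interface_port: Optional[int] = None
    protocol: Optional[str] = None
    size: Optional[int] = None
    message_id: Optional[str] = None # Message-ID header, not the Exim id
    local_user: Optional[str] = None # U= on locally submitted mail
    recipients: List[str] = field(default_factory=list)
    extra: Dict[str, str] = field(default_factory=dict)  # any other K=V (X=, CV=, ...)


def parse_arrival(line: str) -> Optional[InboundMessage]:
    """Parse one main-log line; return None unless it is a '<=' arrival line."""
    m = ARRIVAL_RE.match(line.rstrip('\n'))
    if not m:
        return None
    msg = InboundMessage(timestamp=m['ts'], exim_id=m['id'], sender=m['sender'])
    rest = m['rest']
    fm = FOR_RE.search(rest)                      # 1. trailing recipients
    if fm:
        msg.recipients = fm['rcpts'].split()
        rest = rest[:fm.start()]
    hm = HOST_RE.search(rest)                     # 2. the H= host/helo/ip/port cluster
    if hm:
        msg.host, msg.helo, msg.ip = hm['host'], hm['helo'], hm['ip']
        msg.remote_port = int(hm['port']) if hm['port'] else None
        rest = rest[:hm.start()] + rest[hm.end():]
    im = IFACE_RE.search(rest)                    # 3. local interface and port
    if im:
        msg.interface_ip = im['ip']
        msg.interface_port = int(im['port']) if im['port'] else None
        rest = rest[:im.start()] + rest[im.end():]
    for key, val in TOKEN_RE.findall(rest):       # 4. everything else is simple K=V
        if key == 'P':
            msg.protocol = val
        elif key == 'S':
            msg.size = int(val)
        elif key == 'id':
            msg.message_id = val
        elif key == 'U':
            msg.local_user = val
        else:
            msg.extra[key] = val.strip('"')
    return msg


COLUMNS = ['timestamp', 'exim_id', 'sender', 'host', 'helo', 'ip', 'remote_port',
           'interface_ip', 'interface_port', 'protocol', 'size', 'message_id',
           'local_user', 'recipients']


def log_to_csv(log_text: str) -> str:
    """One CSV row per '<=' line; multiple recipients are space-joined in one cell."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, extrasaction='ignore', lineterminator='\n')
    writer.writeheader()
    for line in log_text.splitlines():
        msg = parse_arrival(line)
        if msg:
            row = asdict(msg)
            row['recipients'] = ' '.join(msg.recipients)
            writer.writerow(row)
    return out.getvalue()


if __name__ == '__main__':
    print(log_to_csv(SAMPLE_LOG), end='')
```

Point it at a real file with `log_to_csv(open('/var/log/exim4/mainlog').read())` and redirect the output; the `extra` dictionary keeps anything the known columns do not cover (TLS cipher, DKIM results) so nothing is silently lost. If a subject ever contains ` for ` and the log has no recipient list, the `for` heuristic is the place to look first.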