grok 2 log lines

First log line:

Oct 23 03:38:50 machine1 MailScanner[21462]: Message 5A6C7D2.C4D8 from IP (sender@live.dimaster.ch) to host.com is not spam, SpamAssassin (not cached, score=1.741, required 50, autolearn=disabled, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.64, MIME_HTML_ONLY 1.10)

 

Grok pattern1:

%{SYSLOGBASE} Message %{GREEDYDATA:id} from %{IP:ip} \(%{EMAILLOCALPART:email_localpart}@%{HOSTNAME:email_host}\) to %{HOSTNAME:to}, %{GREEDYDATA:info}

 

Custom pattern: EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+

 

 

 

------------------------------------------------------------------------------------------------------------------------

 

Second log line:

Oct 23 03:38:50 machine2 MailScanner[20549]: Message 40C7F6.A9E51 from IP(account2@yandex.com) to host.com, SpamAssassin (not cached, score=66.48, required 50, autolearn=disabled, CMAE_1 50.00, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.10, NO_PHISHING1 15.00, RDNS_DYNAMIC 0.36, T_REMOTE_IMAGE 0.01)

 

%{SYSLOGBASE} Message %{GREEDYDATA:id} from %{IP:ip} \(%{EMAILLOCALPART:email_localpart}@%{HOSTNAME:email_host}\) to %{HOSTNAME:to}, %{GREEDYDATA:info}

 

Custom pattern: EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+