Advertisement
Guest User

pattern

a guest
Oct 16th, 2019
246
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. POSTFIX_QUEUEID ([0-9A-F]{6,}|[0-9a-zA-Z]{12,})
  2. POSTFIX_CLIENT_INFO %{HOSTNAME:postfix.client_hostname}?\[%{IP:postfix.client_ip}\](:%{INT:postfix.client_port})?
  3. POSTFIX_RELAY_INFO %{HOSTNAME:postfix.relay_hostname}?\[(%{IP:postfix.relay_ip}|%{DATA:postfix.relay_service})\](:%{INT:postfix.relay_port})?|%{WORD:postfix.relay_service}
  4. POSTFIX_SMTP_STAGE (CONNECT|HELO|EHLO|STARTTLS|AUTH|MAIL( FROM)?|RCPT( TO)?|(end of )?DATA|RSET|UNKNOWN|END-OF-MESSAGE|VRFY|\.)
  5. POSTFIX_ACTION (accept|defer|discard|filter|header-redirect|reject)
  6. POSTFIX_STATUS_CODE \d{3}
  7. POSTFIX_STATUS_CODE_ENHANCED \d\.\d\.\d
  8. POSTFIX_DNSBL_MESSAGE Service unavailable; .* \[%{GREEDYDATA:postfix.status_data}\] %{GREEDYDATA:postfix.status_message};
  9. POSTFIX_PS_ACCESS_ACTION (DISCONNECT|BLACKLISTED|WHITELISTED|WHITELIST VETO|PASS NEW|PASS OLD)
  10. POSTFIX_PS_VIOLATION (BARE NEWLINE|COMMAND (TIME|COUNT|LENGTH) LIMIT|COMMAND PIPELINING|DNSBL|HANGUP|NON-SMTP COMMAND|PREGREET)
  11. POSTFIX_TIME_UNIT %{NUMBER}[smhd]
  12. POSTFIX_KEYVALUE_DATA [\w-]+=[^;]*
  13. POSTFIX_KEYVALUE %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data}
  14. POSTFIX_WARNING_LEVEL (warning|fatal|info)
  15.  
  16. POSTFIX_TLSCONN (Anonymous|Trusted|Untrusted|Verified) TLS connection established (to %{POSTFIX_RELAY_INFO}|from %{POSTFIX_CLIENT_INFO}): %{DATA:postfix.tls_version} with cipher %{DATA:postfix.tls_cipher} \(%{DATA:postfix.tls_cipher_size} bits\)
  17. POSTFIX_TLSVERIFICATION certificate verification failed for %{POSTFIX_RELAY_INFO}: %{GREEDYDATA:postfix.tls_error}
  18.  
  19. POSTFIX_DELAYS %{NUMBER:postfix.delay_before_qmgr}/%{NUMBER:postfix.delay_in_qmgr}/%{NUMBER:postfix.delay_conn_setup}/%{NUMBER:postfix.delay_transmission}
  20. POSTFIX_LOSTCONN (Connection timed out|No route to host|Connection refused|Network is unreachable|lost connection|timeout|SSL_accept error|-1)
  21. POSTFIX_LOSTCONN_REASONS (receiving the initial server greeting|sending message body|sending end of data -- message may be sent more than once)
  22. POSTFIX_PROXY_MESSAGE (%{POSTFIX_STATUS_CODE:postfix.proxy_status_code} )?(%{POSTFIX_STATUS_CODE_ENHANCED:postfix.proxy_status_code_enhanced})?.*
  23. POSTFIX_COMMAND_COUNTER_DATA (helo=(%{INT:postfix.cmd_helo_accepted}/)?%{INT:postfix.cmd_helo} )?(ehlo=(%{INT:postfix.cmd_ehlo_accepted}/)?%{INT:postfix.cmd_ehlo} )?(starttls=(%{INT:postfix.cmd_starttls_accepted}/)?%{INT:postfix.cmd_starttls} )?(auth=(%{INT:postfix.cmd_auth_accepted}/)?%{INT:postfix.cmd_auth} )?(mail=(%{INT:postfix.cmd_mail_accepted}/)?%{INT:postfix.cmd_mail} )?(rcpt=(%{INT:postfix.cmd_rcpt_accepted}/)?%{INT:postfix.cmd_rcpt} )?(data=(%{INT:postfix.cmd_data_accepted}/)?%{INT:postfix.cmd_data} )?(rset=(%{INT:postfix.cmd_rset_accepted}/)?%{INT:postfix.cmd_rset} )?(quit=(%{INT:postfix.cmd_quit_accepted}/)?%{INT:postfix.cmd_quit} )?(unknown=(%{INT:postfix.cmd_unknown_accepted}/)?%{INT:postfix.cmd_unknown} )?commands=(%{INT:postfix.cmd_count_accepted}/)?%{INT:postfix.cmd_count}
  24.  
  25. # helper patterns
  26. GREEDYDATA_NO_COLON [^:]*
  27. GREEDYDATA_NO_SEMICOLON [^;]*
  28. STATUS_WORD [\w-]*
  29.  
  30. # warning patterns
  31. POSTFIX_WARNING_WITH_KV (%{POSTFIX_QUEUEID:postfix.queueid}: )?%{POSTFIX_WARNING_LEVEL:postfix.message_level}: (%{POSTFIX_CLIENT_INFO}: )?%{GREEDYDATA:postfix.message}; %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data}
  32. POSTFIX_WARNING_WITHOUT_KV (%{POSTFIX_QUEUEID:postfix.queueid}: )?%{POSTFIX_WARNING_LEVEL:postfix.message_level}: (%{POSTFIX_CLIENT_INFO}: )?%{GREEDYDATA:postfix.message}
  33. POSTFIX_WARNING %{POSTFIX_WARNING_WITH_KV}|%{POSTFIX_WARNING_WITHOUT_KV}
  34.  
  35. # smtpd patterns
  36. POSTFIX_SMTPD_CONNECT connect from %{POSTFIX_CLIENT_INFO}
  37. POSTFIX_SMTPD_DISCONNECT disconnect from %{POSTFIX_CLIENT_INFO}( %{GREEDYDATA:postfix.command_counter_data})?
  38. POSTFIX_SMTPD_LOSTCONN %{POSTFIX_LOSTCONN:postfix.smtpd_lostconn_data}( after %{POSTFIX_SMTP_STAGE:postfix.smtp_stage}( \(%{INT} bytes\))?)? from %{POSTFIX_CLIENT_INFO}(: %{GREEDYDATA:postfix.smtpd_lostconn_reason})?
  39. POSTFIX_SMTPD_NOQUEUE NOQUEUE: %{POSTFIX_ACTION:postfix.action}: %{POSTFIX_SMTP_STAGE:postfix.smtp_stage} from %{POSTFIX_CLIENT_INFO}:( %{POSTFIX_STATUS_CODE:postfix.status_code} %{POSTFIX_STATUS_CODE_ENHANCED:postfix.status_code_enhanced})?( <%{DATA:postfix.status_data}>:)? (%{POSTFIX_DNSBL_MESSAGE}|%{GREEDYDATA:postfix.status_message};) %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data}
  40. POSTFIX_SMTPD_PIPELINING improper command pipelining after %{POSTFIX_SMTP_STAGE:postfix.smtp_stage} from %{POSTFIX_CLIENT_INFO}: %{GREEDYDATA:postfix.improper_pipelining_data}
  41. POSTFIX_SMTPD_PROXY proxy-%{POSTFIX_ACTION:postfix.proxy_result}: (%{POSTFIX_SMTP_STAGE:postfix.proxy_smtp_stage}): %{POSTFIX_PROXY_MESSAGE:postfix.proxy_message}; %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data}
  42.  
  43. # cleanup patterns
  44. POSTFIX_CLEANUP_MILTER %{POSTFIX_QUEUEID:postfix.queueid}: milter-%{POSTFIX_ACTION:postfix.milter_result}: %{GREEDYDATA:postfix.milter_message}; %{GREEDYDATA_NO_COLON:postfix.keyvalue_data}(: %{GREEDYDATA:postfix.milter_data})?
  45.  
  46. # qmgr patterns
  47. POSTFIX_QMGR_REMOVED %{POSTFIX_QUEUEID:postfix.queueid}: removed
  48. POSTFIX_QMGR_ACTIVE %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data} \(queue active\)
  49. POSTFIX_QMGR_EXPIRED %{POSTFIX_QUEUEID:postfix.queueid}: from=<%{DATA:postfix.from}>, status=%{STATUS_WORD:postfix.status}, returned to sender
  50.  
  51. # pipe patterns
  52. POSTFIX_PIPE_ANY %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data}, status=%{STATUS_WORD:postfix.status} \(%{GREEDYDATA:postfix.pipe_response}\)
  53.  
  54. # error patterns
  55. POSTFIX_ERROR_ANY %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data}, status=%{STATUS_WORD:postfix.status} \(%{GREEDYDATA:postfix.error_response}\)
  56.  
  57. # discard patterns
  58. POSTFIX_DISCARD_ANY %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_KEYVALUE_DATA:postfix.keyvalue_data} status=%{STATUS_WORD:postfix.status} %{GREEDYDATA}
  59.  
  60. # postsuper patterns
  61. POSTFIX_POSTSUPER_ACTIONS (removed|requeued|placed on hold|released from hold)
  62. POSTFIX_POSTSUPER_ACTION %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_POSTSUPER_ACTIONS:postfix.postsuper_action}
  63. POSTFIX_POSTSUPER_SUMMARY_ACTIONS (Deleted|Requeued|Placed on hold|Released from hold)
  64. POSTFIX_POSTSUPER_SUMMARY %{POSTFIX_POSTSUPER_SUMMARY_ACTIONS:postfix.postsuper_summary_action}: %{NUMBER:postfix.postsuper_summary_count} messages?
  65.  
  66. # postscreen patterns
  67. POSTFIX_PS_CONNECT CONNECT from %{POSTFIX_CLIENT_INFO} to \[%{IP:postfix.server_ip}\]:%{INT:postfix.server_port}
  68. POSTFIX_PS_ACCESS %{POSTFIX_PS_ACCESS_ACTION:postfix.postscreen_access} %{POSTFIX_CLIENT_INFO}
  69. POSTFIX_PS_NOQUEUE %{POSTFIX_SMTPD_NOQUEUE}
  70. POSTFIX_PS_TOOBUSY NOQUEUE: reject: CONNECT from %{POSTFIX_CLIENT_INFO}: %{GREEDYDATA:postfix.postscreen_toobusy_data}
  71. POSTFIX_PS_DNSBL %{POSTFIX_PS_VIOLATION:postfix.postscreen_violation} rank %{INT:postfix.postscreen_dnsbl_rank} for %{POSTFIX_CLIENT_INFO}
  72. POSTFIX_PS_CACHE cache %{DATA} full cleanup: retained=%{NUMBER:postfix.postscreen_cache_retained} dropped=%{NUMBER:postfix.postscreen_cache_dropped} entries
  73. POSTFIX_PS_VIOLATIONS %{POSTFIX_PS_VIOLATION:postfix.postscreen_violation}( %{INT})?( after %{NUMBER:postfix.postscreen_violation_time})? from %{POSTFIX_CLIENT_INFO}(( after %{POSTFIX_SMTP_STAGE:postfix.smtp_stage})?(: %{GREEDYDATA:postfix.postscreen_data})?| in tests (after|before) SMTP handshake)
  74.  
  75. # dnsblog patterns
  76. POSTFIX_DNSBLOG_LISTING addr %{IP:postfix.client_ip} listed by domain %{HOSTNAME:postfix.dnsbl_domain} as %{IP:postfix.dnsbl_result}
  77.  
  78. # tlsproxy patterns
  79. POSTFIX_TLSPROXY_CONN (DIS)?CONNECT( from)? %{POSTFIX_CLIENT_INFO}
  80.  
  81. # anvil patterns
  82. POSTFIX_ANVIL_CONN_RATE statistics: max connection rate %{NUMBER:postfix.anvil_conn_rate}/%{POSTFIX_TIME_UNIT:postfix.anvil_conn_period} for \(%{DATA:postfix.service}:%{IP:postfix.client_ip}\) at %{SYSLOGTIMESTAMP:postfix.anvil_timestamp}
  83. POSTFIX_ANVIL_CONN_CACHE statistics: max cache size %{NUMBER:postfix.anvil_cache_size} at %{SYSLOGTIMESTAMP:postfix.anvil_timestamp}
  84. POSTFIX_ANVIL_CONN_COUNT statistics: max connection count %{NUMBER:postfix.anvil_conn_count} for \(%{DATA:postfix.service}:%{IP:postfix.client_ip}\) at %{SYSLOGTIMESTAMP:postfix.anvil_timestamp}
  85.  
  86. # smtp patterns
  87. POSTFIX_SMTP_DELIVERY %{POSTFIX_KEYVALUE} status=%{STATUS_WORD:postfix.status}( \(%{GREEDYDATA:postfix.smtp_response}\))?
  88. POSTFIX_SMTP_CONNERR connect to %{POSTFIX_RELAY_INFO}: %{POSTFIX_LOSTCONN:postfix.smtp_lostconn_data}
  89. POSTFIX_SMTP_SSLCONNERR SSL_connect error to %{POSTFIX_RELAY_INFO}: %{POSTFIX_LOSTCONN:postfix.smtp_lostconn_data}
  90. POSTFIX_SMTP_LOSTCONN %{POSTFIX_QUEUEID:postfix.queueid}: %{POSTFIX_LOSTCONN:postfix.smtp_lostconn_data} with %{POSTFIX_RELAY_INFO}( while %{POSTFIX_LOSTCONN_REASONS:postfix.smtp_lostconn_reason})?
  91. POSTFIX_SMTP_TIMEOUT %{POSTFIX_QUEUEID:postfix.queueid}: conversation with %{POSTFIX_RELAY_INFO} timed out( while %{POSTFIX_LOSTCONN_REASONS:postfix.smtp_lostconn_reason})?
  92. POSTFIX_SMTP_RELAYERR %{POSTFIX_QUEUEID:postfix.queueid}: host %{POSTFIX_RELAY_INFO} said: %{GREEDYDATA:postfix.smtp_response} \(in reply to %{POSTFIX_SMTP_STAGE:postfix.smtp_stage} command\)
  93. POSTFIX_SMTP_UTF8 host %{POSTFIX_RELAY_INFO} offers SMTPUTF8 support, but not 8BITMIME
  94.  
  95. # master patterns
  96. POSTFIX_MASTER_START (daemon started|reload) -- version %{DATA:postfix.version}, configuration %{PATH:postfix.config_path}
  97. POSTFIX_MASTER_EXIT terminating on signal %{INT:postfix.termination_signal}
  98.  
  99. # bounce patterns
  100. POSTFIX_BOUNCE_NOTIFICATION %{POSTFIX_QUEUEID:postfix.queueid}: sender (non-delivery|delivery status|delay) notification: %{POSTFIX_QUEUEID:postfix.bounce_queueid}
  101.  
  102. # scache patterns
  103. POSTFIX_SCACHE_LOOKUPS statistics: (address|domain) lookup hits=%{INT:postfix.scache_hits} miss=%{INT:postfix.scache_miss} success=%{INT:postfix.scache_success}%
  104. POSTFIX_SCACHE_SIMULTANEOUS statistics: max simultaneous domains=%{INT:postfix.scache_domains} addresses=%{INT:postfix.scache_addresses} connection=%{INT:postfix.scache_connection}
  105. POSTFIX_SCACHE_TIMESTAMP statistics: start interval %{SYSLOGTIMESTAMP:postfix.scache_timestamp}
  106.  
  107. # aggregate all patterns
  108. POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_KEYVALUE}
  109. POSTFIX_CLEANUP %{POSTFIX_CLEANUP_MILTER}|%{POSTFIX_WARNING}|%{POSTFIX_KEYVALUE}
  110. POSTFIX_QMGR %{POSTFIX_QMGR_REMOVED}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING}
  111. POSTFIX_PIPE %{POSTFIX_PIPE_ANY}
  112. POSTFIX_POSTSCREEN %{POSTFIX_PS_CONNECT}|%{POSTFIX_PS_ACCESS}|%{POSTFIX_PS_NOQUEUE}|%{POSTFIX_PS_TOOBUSY}|%{POSTFIX_PS_CACHE}|%{POSTFIX_PS_DNSBL}|%{POSTFIX_PS_VIOLATIONS}|%{POSTFIX_WARNING}
  113. POSTFIX_DNSBLOG %{POSTFIX_DNSBLOG_LISTING}|%{POSTFIX_WARNING}
  114. POSTFIX_ANVIL %{POSTFIX_ANVIL_CONN_RATE}|%{POSTFIX_ANVIL_CONN_CACHE}|%{POSTFIX_ANVIL_CONN_COUNT}
  115. POSTFIX_SMTP %{POSTFIX_SMTP_DELIVERY}|%{POSTFIX_SMTP_CONNERR}|%{POSTFIX_SMTP_SSLCONNERR}|%{POSTFIX_SMTP_LOSTCONN}|%{POSTFIX_SMTP_TIMEOUT}|%{POSTFIX_SMTP_RELAYERR}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTP_UTF8}|%{POSTFIX_TLSVERIFICATION}
  116. POSTFIX_DISCARD %{POSTFIX_DISCARD_ANY}|%{POSTFIX_WARNING}
  117. POSTFIX_LMTP %{POSTFIX_SMTP}
  118. POSTFIX_PICKUP %{POSTFIX_KEYVALUE}
  119. POSTFIX_TLSPROXY %{POSTFIX_TLSPROXY_CONN}|%{POSTFIX_WARNING}
  120. POSTFIX_MASTER %{POSTFIX_MASTER_START}|%{POSTFIX_MASTER_EXIT}|%{POSTFIX_WARNING}
  121. POSTFIX_BOUNCE %{POSTFIX_BOUNCE_NOTIFICATION}
  122. POSTFIX_SENDMAIL %{POSTFIX_WARNING}
  123. POSTFIX_POSTDROP %{POSTFIX_WARNING}
  124. POSTFIX_SCACHE %{POSTFIX_SCACHE_LOOKUPS}|%{POSTFIX_SCACHE_SIMULTANEOUS}|%{POSTFIX_SCACHE_TIMESTAMP}
  125. POSTFIX_TRIVIAL_REWRITE %{POSTFIX_WARNING}
  126. POSTFIX_TLSMGR %{POSTFIX_WARNING}
  127. POSTFIX_LOCAL %{POSTFIX_KEYVALUE}|%{POSTFIX_WARNING}
  128. POSTFIX_VIRTUAL %{POSTFIX_SMTP_DELIVERY}
  129. POSTFIX_ERROR %{POSTFIX_ERROR_ANY}
  130. POSTFIX_POSTSUPER %{POSTFIX_POSTSUPER_ACTION}|%{POSTFIX_POSTSUPER_SUMMARY}
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement