How to Filter Logs of MDaemon?

Hello

I'm new to Logstash and I was trying to filter the logs of MDaemon to visualise them in Kibana. The logs are in a file and are formed by multiple lines. They are separated with dashes like this "----------". I leave an example here:

Sun 2019-05-26 00:01:09.462: ----------
Sun 2019-05-26 00:01:09.230: Session 198339; child 0009
Sun 2019-05-26 00:01:09.230: Accepting IMAP connection from 83.45.125.176:41354 to 10.0.11.53:993
Sun 2019-05-26 00:01:09.291: SSL negotiation successful
Sun 2019-05-26 00:01:09.291: --> * OK grupantonio.com IMAP4rev1 MDaemon 18.5.1 ready
Sun 2019-05-26 00:01:09.592: <-- 1 CAPABILITY
Sun 2019-05-26 00:01:09.592: --> * CAPABILITY IMAP4rev1 NAMESPACE AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN IDLE ACL UNSELECT UIDPLUS QUOTA BINARY XLIST SASL-IR
Sun 2019-05-26 00:01:09.592: --> 1 OK CAPABILITY completed
Sun 2019-05-26 00:01:09.649: <-- 2 LOGIN "acol@grupantonio.com" ******
Sun 2019-05-26 00:01:09.654: Authenticated as acol@grupantonio.com
Sun 2019-05-26 00:01:09.688: --> 2 OK LOGIN completed
Sun 2019-05-26 00:01:09.735: <-- 3 SELECT "INBOX"
Sun 2019-05-26 00:01:09.749: --> * FLAGS (\Seen \Answered \Flagged \Deleted \Draft \Recent $Forwarded $MDNSent)
Sun 2019-05-26 00:01:09.749: --> * 439 EXISTS
Sun 2019-05-26 00:01:09.749: --> * 0 RECENT
Sun 2019-05-26 00:01:09.749: --> * OK [UIDVALIDITY 1337788604] UIDs valid
Sun 2019-05-26 00:01:09.749: --> * OK [UIDNEXT 32231] Predicted next UID
Sun 2019-05-26 00:01:09.749: --> * OK [PERMANENTFLAGS (\Seen \Answered \Flagged \Deleted \Draft $Forwarded $MDNSent)] .
Sun 2019-05-26 00:01:09.749: --> 3 OK [READ-WRITE] SELECT completed
Sun 2019-05-26 00:01:09.797: <-- 4 UID SEARCH 1:439 SINCE 26-May-2019
Sun 2019-05-26 00:01:09.803: --> * SEARCH
Sun 2019-05-26 00:01:09.803: --> 4 OK SEARCH completed
Sun 2019-05-26 00:01:09.862: <-- 5 UID SEARCH 1:439 SINCE 26-May-2019 NOT DELETED
Sun 2019-05-26 00:01:09.866: --> * SEARCH
Sun 2019-05-26 00:01:09.866: --> 5 OK SEARCH completed
Sun 2019-05-26 00:01:09.936: Socket connection closed by the other side (how rude!)
Sun 2019-05-26 00:01:09.937: IMAP session terminated, (Bytes in/out: 853/2336)
Sun 2019-05-26 00:01:09.937: ----------
Sun 2019-05-26 00:01:09.746: Session 198340; child 0009
Sun 2019-05-26 00:01:09.746: Accepting IMAP connection from 91.38.630.93:59716 to 10.0.11.53:143
Sun 2019-05-26 00:01:09.748: --> * OK grupantonio.com IMAP4rev1 MDaemon 18.5.1 ready
Sun 2019-05-26 00:01:09.925: <-- 1 CAPABILITY
Sun 2019-05-26 00:01:09.925: --> * CAPABILITY IMAP4rev1 NAMESPACE AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN IDLE STARTTLS ACL UNSELECT UIDPLUS QUOTA BINARY XLIST SASL-IR
Sun 2019-05-26 00:01:09.925: --> 1 OK CAPABILITY completed
Sun 2019-05-26 00:01:10.085: <-- 2 LOGIN "Lluiso Ramones" ******
Sun 2019-05-26 00:01:10.087: La cuenta no existe
Sun 2019-05-26 00:01:10.087: **** ALERT **** Failed IMAP authentication attempt from 91.686.280.53 for "Lluiso Ramones@grupantonio.com" [EvSecurity]
Sun 2019-05-26 00:01:10.087: --> 2 NO LOGIN failed
Sun 2019-05-26 00:01:10.295: <-- 3 LOGOUT
Sun 2019-05-26 00:01:10.295: --> * BYE IMAP engine signing off (no errors)
Sun 2019-05-26 00:01:10.295: --> 3 OK LOGOUT completed
Sun 2019-05-26 00:01:10.295: IMAP session complete, (Bytes in/out: 56/297)
Sun 2019-05-26 00:01:10.296: ----------

How do I indicate that the content of the message is all the text between the dashes?

Sorry for my bad English, I hope you can help me! Thx

Use a multiline codec on your input.

1 Like
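
A sketch of what the multiline-codec suggestion could look like for the log above. This is an added example, not a configuration posted by anyone in the thread; the file path is a placeholder, and the field and tag names (`session_id`, `client_addr`, `auth_user`, `failed_user`, `imap_auth_failure`) are assumptions.

```logstash
input {
  file {
    path => "/path/to/mdaemon-imap.log"   # placeholder, point at the real log file
    start_position => "beginning"
    codec => multiline {
      # A line that is only "<timestamp>: ----------" marks a session boundary.
      pattern => '^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}: -+\s*$'
      negate => true             # every line that is NOT a separator ...
      what => "previous"         # ... is appended to the event the separator opened
      auto_flush_interval => 5   # emit the last session after 5 s without new lines
    }
  }
}

filter {
  # A separator with no session after it becomes an event on its own: discard it.
  if [message] !~ /Session \d+/ {
    drop { }
  }

  grok {
    break_on_match => false      # try every pattern, not just the first that matches
    tag_on_failure => []
    match => {
      "message" => [
        '(?<log_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): Session %{INT:session_id}; child',
        # [0-9.]+ instead of %{IP}: not every address in the sample is valid IPv4.
        'Accepting IMAP connection from (?<client_addr>[0-9.]+):%{INT:client_port} to',
        'Authenticated as (?<auth_user>\S+)',
        'Failed IMAP authentication attempt from (?<failed_addr>[0-9.]+) for "(?<failed_user>[^"]+)"'
      ]
    }
  }

  # Tag sessions containing a failed login so they can be filtered or alerted on in Kibana.
  if [failed_user] {
    mutate { add_tag => ["imap_auth_failure"] }
  }

  # Use the time of the "Session N" line as the event timestamp.
  date {
    match => ["log_ts", "yyyy-MM-dd HH:mm:ss.SSS"]
    remove_field => ["log_ts"]
  }
}
```

Each event's `message` then holds one whole IMAP session, so a failed login and the address it came from end up in the same document.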

I already tried and I can't get it to work.

What have you tried and what do you not like about the result?

Hi Badger, I was moved to another project, but thanks for your replies!
