Imap input plugin download attachment

Aditya_Srivastava1 · December 17, 2020, 8:58am

Hi,

I am using imap input plugin to fetch email along with attachments. Below configuration gets me multiple fields but does not get the attachment content.
Can anyone help here how to download attachments while connection with imap

input { imap { host => "outlook.office365.com" port => 123 user => "user@abc.com" password => "******" check_interval => 3600 fetch_count => 100 folder => "Inbox" content_type => "application/gzip" } }

ylasri · December 17, 2020, 10:56am

try to add save_attachments parameter
When set to true the content of attachments will be included in the attachments.data field.

input { 
	imap { 
			host => "outlook.office365.com" 
			port => 123 
			user => "user@abc.com" 
			password => "******" 
			check_interval => 3600 
			fetch_count => 100 
			folder => "Inbox" 
			content_type => "application/gzip" 
			save_attachments => true
		}
	}

Aditya_Srivastava1 · December 17, 2020, 12:37pm

Hi,

Thanks for the reply
I tried adding this parameter, but it gives error

[ERROR] 2020-12-17 12:36:28.400 [Converge PipelineAction::Create] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration.",

** Only change I did was
save_attachments => true

ylasri · December 17, 2020, 1:19pm

What version of logstash are you using ?
I guess this option has been introduced with logstash 7.9.0 (check it here)

Aditya_Srivastava1 · December 17, 2020, 1:22pm

[INFO ] 2020-12-17 13:23:04.243 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"7.8.0", "jruby.version"=>"jruby 9.2.11.1 (2.5.7) 2020-03-25 b1f55b1a40 OpenJDK 64-Bit Server VM 25.262-b10 on 1.8.0_262-b10 +indy +jit [linux-x86_64]"}
[INFO ] 2020-12-17 13:23:08.562 [Converge PipelineAction::Create] Reflections - Reflections took 127 ms to scan 1 urls, producing 21 keys and 41 values
[ERROR] 2020-12-17 13:23:09.082 [Converge PipelineAction::Create] imap - Unknown setting 'save_attachments' for imap

Its 7.8.0

Aditya_Srivastava1 · December 17, 2020, 1:24pm

Ok..Let me try it out with 7.9 then..I am using 7.8 right now.

Aditya_Srivastava1 · December 17, 2020, 5:13pm

Thanks @ylasri, its working with 7.9.x version of logstash. Only prob now is that attachments.data is encrypted and not in human readable format and so cant apply parsing to it.

Probably need to use some python code to fetch attachment, store at a location and then use logstash to read the file and parse it.

ylasri · December 17, 2020, 5:15pm

Check if the content is not base64 encoded ?

ylasri · December 17, 2020, 5:30pm

Yes it's base64 encoded and then you can use an other elasticsearch plugin Ingest Attachment Processor to ge the content of the attachmenet with an ingest pipeline

system · January 14, 2021, 5:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Plugin imap: get attachment Logstash	1	229	September 28, 2022
Unable to process attachments using logstash 7.6.0 IMAP Input plugin Logstash	3	1191	May 11, 2020
Trying to install the IMAP input plugin to logstash on windows Logstash	0	91	April 23, 2024
Logstash input imap plugin with attachment not decoding Logstash	1	266	February 10, 2023
Parse csv attachment in email with IMAP Logstash	1	309	November 2, 2020

Imap input plugin download attachment

Related topics