Logstash grok filter for mailbox.log zimbra

aziz_007 · April 6, 2017, 12:17pm

hi i am triying to build a pattern fro this log line in mailbox.log for zimbra

2017-04-03 20:31:09,256 INFO [LmtpServer-3] [ip=192.168.1.102;] lmtp - Delivering message: size=1517 bytes, nrcpts=1, sender=admin@server.tn, msgid=20170403183049.4581C40F490F@zimbra.server.tn

this is how far i got in making the pattern
ZIMBRA_MAILBOXLOG %{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{TIME:time},(?[d]*) %{WORD:loglevel} [%{DATA:class}] [%{IP:client}]

any help please to complete it thanks

Joe_Fleming · April 6, 2017, 9:02pm

I don't know if there's many grok experts in this neck of the woods. You might get more help by posting over in the logstash section.

aziz_007 · April 6, 2017, 9:10pm

ok think you

system · May 4, 2017, 9:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.