Comments (3)
zhenjl
commented on June 20, 2024
That makes sense. Let me think about this and see what the right solution is.
Do you have any sample logs you can share, even if just a few lines on the delays?
thx
Jian
from sequence.
cryptix
commented on June 20, 2024
No problem:
Feb 8 12:15:52 mail postfix/pipe[76139]: 499F62D65: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.24, delays=0.21/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 13:06:55 mail postfix/pipe[76850]: 7CD542D74: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.3, delays=0.26/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 14:36:54 mail postfix/pipe[78111]: C21CC2D9B: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=1, delays=0.99/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 17:54:45 mail postfix/pipe[80790]: 3459A2DA6: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.19, delays=0.16/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 20:46:25 mail postfix/pipe[83144]: 6549C2DCE: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.15, delays=0.13/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 21:51:10 mail postfix/pipe[84059]: 440682230: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.9, delays=0.87/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 21:51:37 mail postfix/pipe[84059]: 47FEE2DE5: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.83, delays=0.81/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 8 23:49:58 mail postfix/pipe[85979]: B9E532E0B: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.19, delays=0.16/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
i also noticed that the dns=... is falsely recognized as an ip address. should I open a speerate issue for that?
from sequence.
zhenjl
commented on June 20, 2024
@cryptix now you can specify the type in the rule like this
"%msgtime% %apphost% %appname% [ %sessionid% ] : %msgid:integer% : to = < %srcemail% > , orig_to = < %string% > , relay = %string% , delay = %float% , delays = %string% , dsn = %string% , status = %status% ( %reason::+% )",
Notice %msgid:integer%, you can also specify %msgid:string%. So to match your examples, you can create two rules. One with integer, the other with string.
Also notice the last part of the rule, which is ( %reason::+% ). It means consume one or more reason tokens inside ( and ). You can actually just do %reason:+% as well.
The fields are now specified in cmd/sequence/sequence.toml. You can add your own fields of the format field:type where field is the field name, and type is the default type of the field. The default type is used when the field type is not specified in the rule.
I also fixed the DNS float issue.
Please let me know you would be able to test this out.
thx
Jian
from sequence.
Related Issues (20)
- Readme doesn't say how to run / build HOT 6
- Sequence can't handle Chinese HOT 2
- No output to `stdout` when output file flag is empty HOT 1
- Sequences with URI's are not matched correctly HOT 1
- URI's starting with "//" are not tokenized correctly HOT 1
- '|' (pipe character) causes error during analyze HOT 2
- Path not correctly analyse HOT 1
- ipv6 address not tokenized properly HOT 2
- syslog-ng patterndb integration HOT 1
- data folder is missing in the root directory HOT 1
- Been working on sequence for the last 2 months - would love to discuss HOT 3
- Why does the html tag identify as a tag. HOT 1
- unit test failed in analyzer_test.go HOT 1
- integer with trailing dot recognized as float HOT 1
- time not recognized at end of line HOT 2
- A greedy (whitespace-consuming) %string% type? HOT 6
- Unknown token encountered HOT 4
- show message counts HOT 3
- iostat output - split over multiple lines, and in multi-line table HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sequence.