line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Log::Saftpresse::Plugin::Amavis; |
2
|
|
|
|
|
|
|
|
3
|
1
|
|
|
1
|
|
819
|
use Moose; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
4
|
|
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
# ABSTRACT: plugin to parse amavisd-new logs |
6
|
|
|
|
|
|
|
our $VERSION = '1.5'; # VERSION |
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
extends 'Log::Saftpresse::Plugin'; |
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
with 'Log::Saftpresse::Plugin::Role::CounterUtils'; |
12
|
|
|
|
|
|
|
with 'Log::Saftpresse::Plugin::Role::Tracking'; |
13
|
|
|
|
|
|
|
|
14
|
1
|
|
|
1
|
|
3844
|
use Log::Saftpresse::Log4perl; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
94
|
|
15
|
1
|
|
|
1
|
|
4
|
use JSON; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
7
|
|
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
has 'json' => ( |
18
|
|
|
|
|
|
|
is => 'ro', isa => 'JSON', lazy => 1, |
19
|
|
|
|
|
|
|
default => sub { JSON->new; }, |
20
|
|
|
|
|
|
|
); |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
has 'test_stats' => ( is => 'ro', isa => 'Bool', default => 1 ); |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
sub process { |
25
|
0
|
|
|
0
|
|
|
my ( $self, $stash, $notes ) = @_; |
26
|
0
|
|
|
|
|
|
my $program = $stash->{'program'}; |
27
|
0
|
0
|
0
|
|
|
|
if( ! defined $program || $program ne 'amavis' ) { |
28
|
0
|
|
|
|
|
|
return; |
29
|
|
|
|
|
|
|
} |
30
|
|
|
|
|
|
|
|
31
|
0
|
0
|
|
|
|
|
if ( my ( $log_id, $msg ) = $stash->{'message'} =~ /^\(([^\)]+)\) (.+)$/ ) { |
32
|
0
|
|
|
|
|
|
$stash->{'log_id'} = $log_id; |
33
|
0
|
|
|
|
|
|
$stash->{'message'} = $msg; |
34
|
|
|
|
|
|
|
} |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
# if JSON logging is configured decode JSON |
37
|
0
|
0
|
|
|
|
|
if( $stash->{'message'} =~ /^{/ ) { |
38
|
0
|
|
|
|
|
|
my $json_data; |
39
|
0
|
|
|
|
|
|
eval { |
40
|
0
|
|
|
|
|
|
$json_data = $self->json->decode( $stash->{'message'} ); |
41
|
|
|
|
|
|
|
}; |
42
|
0
|
0
|
|
|
|
|
if( $@ ) { |
43
|
0
|
|
|
|
|
|
$log->warn('error while parsing amavis JSON log message: '.$@); |
44
|
0
|
|
|
|
|
|
return; |
45
|
|
|
|
|
|
|
} |
46
|
0
|
0
|
|
|
|
|
if( ref($json_data) ne 'HASH' ) { |
47
|
0
|
|
|
|
|
|
return; |
48
|
|
|
|
|
|
|
} |
49
|
0
|
|
|
|
|
|
@$stash{keys %$json_data} = values %$json_data; |
50
|
|
|
|
|
|
|
} |
51
|
|
|
|
|
|
|
|
52
|
0
|
0
|
|
|
|
|
if( ! defined $stash->{'action'} ) { |
53
|
0
|
|
|
|
|
|
return; |
54
|
|
|
|
|
|
|
} |
55
|
|
|
|
|
|
|
|
56
|
0
|
|
|
|
|
|
$self->get_tracking_id('queue_id', $stash, $notes); |
57
|
0
|
0
|
0
|
|
|
|
if( defined $stash->{'queued_as'} |
58
|
|
|
|
|
|
|
&& ref($stash->{'queued_as'}) eq 'ARRAY' ) { |
59
|
0
|
|
|
|
|
|
foreach my $queued_as_id ( @{$stash->{'queued_as'}} ) { |
|
0
|
|
|
|
|
|
|
60
|
0
|
|
|
|
|
|
$self->set_tracking_id('queue_id', $stash, $notes, $queued_as_id); |
61
|
|
|
|
|
|
|
} |
62
|
|
|
|
|
|
|
} |
63
|
|
|
|
|
|
|
|
64
|
0
|
|
|
|
|
|
$self->incr_host_one($stash, 'total' ); |
65
|
0
|
|
|
|
|
|
$self->count_fields_occur( $stash, 'content_type' ); |
66
|
0
|
|
|
|
|
|
$self->count_array_field_values( $stash, 'action' ); |
67
|
0
|
|
|
|
|
|
$self->count_fields_value( $stash, 'size', 'score' ); |
68
|
|
|
|
|
|
|
|
69
|
0
|
0
|
|
|
|
|
if( $self->test_stats ) { |
70
|
0
|
|
|
|
|
|
$self->count_array_field_values( $stash, 'tests' ); |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
0
|
|
|
|
|
|
return; |
74
|
|
|
|
|
|
|
} |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
1; |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
__END__ |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
=pod |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
=encoding UTF-8 |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
=head1 NAME |
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
Log::Saftpresse::Plugin::Amavis - plugin to parse amavisd-new logs |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
=head1 VERSION |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
version 1.5 |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
=head1 Description |
93
|
|
|
|
|
|
|
|
94
|
|
|
|
|
|
|
This plugin parses Amavis log lines. Currently only JSON format log lines are parsed. |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
=head1 Synopsis |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
<Plugin amavis> |
99
|
|
|
|
|
|
|
module = "Amavis" |
100
|
|
|
|
|
|
|
test_stats = 1 |
101
|
|
|
|
|
|
|
</Plugin> |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
=head1 Options |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
=over |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
=item test_stats (default: 1) |
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
Enable/disable generation of a counter per spam/ham test. |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
=back |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
=head1 Configure Amavis/Rsyslog for JSON output |
114
|
|
|
|
|
|
|
|
115
|
|
|
|
|
|
|
First increase the maximum message size in rsyslog: |
116
|
|
|
|
|
|
|
|
117
|
|
|
|
|
|
|
$MaxMessageSize 32k |
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
Then configure your $log_templ in amavisd.conf for JSON output: |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
$logline_maxlen = ( 32*1024 ) - 50; # 32k max message size, keep 50 bytes for syslog |
122
|
|
|
|
|
|
|
$log_templ = <<'EOD'; |
123
|
|
|
|
|
|
|
[:report_json] |
124
|
|
|
|
|
|
|
EOD |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
=head1 Input |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
This plugin expects a log line with |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
'program' => 'amavis' |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
and an amavis report_json message like |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
'message' => '(04529-01) {"@timestamp":"2015-06-12T04:51:48.725Z","action":["PASS"],...}' |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
=head1 Output |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
The plugin will outout the field log_id and will copy all fields |
139
|
|
|
|
|
|
|
in the JSON data structure to the event. |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
=head1 Counters |
142
|
|
|
|
|
|
|
|
143
|
|
|
|
|
|
|
The plugin will create the following counters: |
144
|
|
|
|
|
|
|
|
145
|
|
|
|
|
|
|
<host>.total |
146
|
|
|
|
|
|
|
<host>.content_type.<content_type> |
147
|
|
|
|
|
|
|
<host>.action.<action> |
148
|
|
|
|
|
|
|
<host>.size |
149
|
|
|
|
|
|
|
<host>.score |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
If option test_stats is enabled: |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
<host>.tests.<test> |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
=head1 AUTHOR |
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
Markus Benning <ich@markusbenning.de> |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
This software is Copyright (c) 1998 by James S. Seymour, 2015 by Markus Benning. |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
This is free software, licensed under: |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
The GNU General Public License, Version 2, June 1991 |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
=cut |