Thursday, February 5, 2015

logstash rule for PowerMTA accounting files

It turns out that the logstash, elasticsearch, Kibana (ELK) stack is also very useful for mail server logs from PowerMTA.  PowerMTA's main method of logging is to the accounting files, this is a CSV format file, and logstash has a CSV filter.

To use the logstash filter on an accounting file: