Containerd+syslog+application parse

Hi, I have a postfix instance running in a Kubernetes pod.

The file: on the acquisition metrics works, but the log contains both containerd and syslog:

tail /var/log/containers/postfixdovecot-768574c74c-4hdx5_mailserver_postfix-a2bc0337632324995bcb1ad48d1b30b3dd0f4e53e4a3620b543711a140aa2233.log 
2023-03-15T08:27:19.343896509Z stdout F 2023-03-15T08:27:19.277346+00:00 postfixdovecot-768574c74c-4hdx5 postfix/smtpd[8527]: disconnect from unknown[1.1.1.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2023-03-15T08:27:19.343902332Z stdout F 2023-03-15T08:27:19.282795+00:00 postfixdovecot-768574c74c-4hdx5 postfix/smtpd[8533]: lost connection after AUTH from unknown[2.2.2.2]

The problem is that only containerd is parsed; the postfix collection expects that the message is parsed by syslog.

containerd parses the message as:
2023-03-15T08:27:19.282795+00:00 postfixdovecot-768574c74c-4hdx5 postfix/smtpd[8533]: lost connection after AUTH from unknown[2.2.2.2]

but postfix expects as message:
postfix/smtpd[8533]: lost connection after AUTH from unknown[2.2.2.2]

The question is: how to combine containerd and syslog on stage 0?

Thanks!

I believe this was resolved via Discord; you can find the s00 combination here

It is solved. This post was marked as spam, so I started a discussion at Discord. Thanks.

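The two-layer parse discussed in this thread, as an added example that is not part of the original posts and is not the CrowdSec s00 parser linked above: it strips the containerd (CRI) prefix first, then parses the remaining payload as syslog so that `program` and `message` match what a postfix parser expects. It goes slightly beyond the thread by also joining CRI partial (`P`) chunks; the function name, field names and the third sample record are assumptions made for this illustration.

```python
import re

# CRI (containerd) line: "<RFC3339Nano> <stdout|stderr> <P|F> <payload>"
CRI_RE = re.compile(
    r"^(?P<cri_ts>\S+) (?P<stream>stdout|stderr) (?P<tag>[PF]) (?P<payload>.*)$")
# Syslog payload as in the thread: "<RFC3339 ts> <host> <program>[<pid>]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+) (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$")

def parse_lines(lines):
    """Yield one dict per complete record; lines matching neither layer are skipped."""
    partial = {}  # stream -> payload buffered from "P" (partial) CRI chunks
    for raw in lines:
        cri = CRI_RE.match(raw.rstrip("\n"))
        if cri is None:
            continue
        stream = cri["stream"]
        payload = partial.pop(stream, "") + cri["payload"]
        if cri["tag"] == "P":  # long line split by the runtime; wait for "F"
            partial[stream] = payload
            continue
        syslog = SYSLOG_RE.match(payload)
        if syslog is None:
            continue
        event = syslog.groupdict()
        event["stream"] = stream
        yield event

# First two lines are from the post; the last two are a constructed P/F pair.
SAMPLE = [
    "2023-03-15T08:27:19.343896509Z stdout F 2023-03-15T08:27:19.277346+00:00 postfixdovecot-768574c74c-4hdx5 postfix/smtpd[8527]: disconnect from unknown[1.1.1.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4",
    "2023-03-15T08:27:19.343902332Z stdout F 2023-03-15T08:27:19.282795+00:00 postfixdovecot-768574c74c-4hdx5 postfix/smtpd[8533]: lost connection after AUTH from unknown[2.2.2.2]",
    "2023-03-15T08:27:20.000000000Z stdout P 2023-03-15T08:27:20.000000+00:00 postfixdovecot-768574c74c-4hdx5 postfix/smtpd[8540]: connect from ",
    "2023-03-15T08:27:20.000000001Z stdout F unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for ev in parse_lines(SAMPLE):
        print(ev["program"], ev["pid"], ev["message"])
```
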