MTA ãŒåã maillog ã¯æ™®æ®µã‚ã¾ã‚Šè¦‹ãªã„ã®ã ã‘ã©ã€ãƒˆãƒ©ãƒ–ルãŒã‚ã£ãŸã¨ãã«ã¯å¤§å¤‰é‡è¦ã€‚ã“れも Mongo ã«å…¥ã‚Œã‚Œã°ã€å•ã„åˆã‚ã›ãŒã‚ã£ãŸã‚¢ãƒ‰ãƒ¬ã‚¹ã§æ¤œç´¢ã—ã¦ãƒã‚°ã‚’管ç†ç”»é¢ã§è¦‹ã‚‹ã¨ã‹ã§ãã¦ä¾¿åˆ©ï¼ã¨ã„ã†ã“ã¨ã§ã‚„ã£ã¦ã¿ãŸã€‚
# fluentd.conf <source> type tail path /var/log/maillog tag maillog format /^(?<date>[^ ]+) (?<host>[^ ]+) (?<process>[^:]+): (?<message>((?<key>[^ :]+)[ :])? ?((to|from)=<(?<address>[^>]+)>)?.*)$/ </source>
æ£è¦è¡¨ç¾ãŒãªã‹ãªã‹ã§ã™ãŒã€ã“れ㧠maillog ã‚’ parse ã—ã¦ä»¥ä¸‹ã®ã‚ˆã†ãªç”Ÿãƒã‚°ã‹ã‚‰
2012-03-26T19:49:56+09:00 worker001 postfix/smtp[13747]: 31C5C1C000C: to=<[email protected]>, relay=mx.example.com[127.0.0.1]:25, delay=0.74, delays=0.06/0.01/0.25/0.42, dsn=2.0.0, status=sent (250 ok dirdel)
以下ã®ã‚ˆã†ã«æ§‹é€ 化ã•ã‚ŒãŸãƒã‚°ã«å¤‰æ›ã—ãŸä¸Šã§ MongoDB ã«æŠ•å…¥ã§ãã¾ã™ã€‚
{ "address" : "[email protected]", "date" : "2012-03-26T19:49:56+09:00", "host" : "worker001", "key" : "31C5C1C000C", "message" : "31C5C1C000C: to=<[email protected]>, relay=mx.example.com[127.0.0.1]:25, delay=0.74, delays=0.06/0.01/0.25/0.42, dsn=2.0.0, status=sent (250 ok dirdel)", "process" : "postfix/smtp[13747]" }
Postfix ãŒãƒã‚°ã«åã queue id ("31C5C1C000C") ã¨ã€(to|from)=
- { address : "foo@example.com" } ã§æ¤œç´¢ã—㦠queue id ã‚’å¾—ã‚‹
- ãã® queue id ã§æ¤œç´¢ã—ã¦ä¸€é€£ã®å‡¦ç†ã®ãƒã‚°ã‚’抽出
ã¨ã„ã†ã“ã¨ãŒ (indexを使ã£ã¦é«˜é€Ÿã«) å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚
複数å°ã‹ã‚‰ã®ç”Ÿãƒã‚°ã«ã¯æ™‚系列ã§è¤‡æ•°ã®å‡¦ç†ãŒå…¥ã‚Šäº¤ã˜ã‚‹ã®ã§ã€ä¸€é€£ã®ãƒã‚°ã®ã¿æŠ½å‡ºã™ã‚‹ã«ã¯å¤šå°‘工夫ãŒå¿…è¦ã§ã™ã。
