{"id":13820623,"url":"https://github.com/ActionScripted/elastic-kibana-postfix","last_synced_at":"2025-05-16T10:31:48.467Z","repository":{"id":70090908,"uuid":"138898508","full_name":"ActionScripted/elastic-kibana-postfix","owner":"ActionScripted","description":"Kibana dashboards, visualizations and searches for Postfix","archived":false,"fork":false,"pushed_at":"2023-12-11T20:38:30.000Z","size":511,"stargazers_count":38,"open_issues_count":5,"forks_count":19,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-05T08:09:10.689Z","etag":null,"topics":["kibana","logstash","postfix"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ActionScripted.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-27T15:12:50.000Z","updated_at":"2024-02-10T02:49:41.000Z","dependencies_parsed_at":"2024-05-28T18:21:21.157Z","dependency_job_id":"47690183-e9ca-4c12-9d62-1281ae1e6fb6","html_url":"https://github.com/ActionScripted/elastic-kibana-postfix","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActionScripted%2Felastic-kibana-postfix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActionScripted%2Felastic-kibana-postfix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActionScripted%2Felastic-kibana-postfix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/A
ctionScripted%2Felastic-kibana-postfix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ActionScripted","download_url":"https://codeload.github.com/ActionScripted/elastic-kibana-postfix/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225423650,"owners_count":17472158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kibana","logstash","postfix"],"created_at":"2024-08-04T08:01:06.137Z","updated_at":"2024-11-19T20:30:49.791Z","avatar_url":"https://github.com/ActionScripted.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"Postfix Dashboards, Visualizations and Saved Searches for Kibana\n===\n\nA set of Kibana files to automatically set up a Postfix dashboard based on data stored in Elasticsearch using [postfix-grok-patterns](https://github.com/whyscream/postfix-grok-patterns). Also includes Postfix log import setup information using Filebeat and Logstash.\n\n\n![Kibana dashboard screenshot](https://raw.githubusercontent.com/ActionScripted/elastic-kibana-postfix/master/screenshot.png)\n\n\nUsage\n---\n\nTwo import methods are supported: Kibana Management UI and Kibana Dashboard API. 
They both do the same thing; choose whichever you prefer or have access to.\n\nThese imports should be run after setting up Logstash (and Filebeat) using [whyscream's postfix-grok-patterns](https://github.com/whyscream/postfix-grok-patterns) setup or our slightly modified version below.\n\n\n**Import using Management UI**:\n  * Open your Kibana dashboard.\n  * Go to Management \u003e Kibana \u003e Saved Objects.\n  * Click Import.\n  * Select all `kibana/ui-*` files:\n    * `kibana/ui-dashboards.json`\n    * `kibana/ui-searches.json`\n    * `kibana/ui-visualizations.json`\n  * Click Open.\n  * View at Dashboards \u003e [Filebeat Postfix] Overview.\n\n**Import using Dashboard API**:\n  * Copy `kibana/api-combined.json` to your Kibana server.\n  * Run `curl -XPOST localhost:5601/api/kibana/dashboards/import -H 'kbn-xsrf:true' -H 'Content-type:application/json' -d @api-combined.json`\n  * View at Dashboards \u003e [Filebeat Postfix] Overview.\n\n\nSetup Logstash\n---\n\nWhile you can absolutely visit [postfix-grok-patterns](https://github.com/whyscream/postfix-grok-patterns) and get going, I recommend using the following adjustments to keep your grok patterns isolated. 
The biggest change we're going to make is that we will use Filebeat for log shipping and we'll include a \"postfix\" field check for our grok patterns.\n\n\nCreate patterns directory (*if not present*):\n```bash\ncd /etc/logstash\nmkdir -p patterns.d\n```\n\nCreate `patterns.d/postfix.grok`:\n  * Grab https://github.com/whyscream/postfix-grok-patterns/blob/master/postfix.grok\n  * Put it at `patterns.d/postfix.grok`\n\nCreate `conf.d/48-beats-postfix-prepare.conf` (*or whatever you want to name it*):\n```yaml\nfilter {\n  if [postfix] {\n    grok {\n      match =\u003e { \"message\" =\u003e \"%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{DATA:program}(?:\\[%{POSINT}\\])?: %{GREEDYDATA:message}\" }\n      overwrite =\u003e \"message\"\n    }\n  }\n}\n```\n\n*Note: this is basically what's suggested in whyscream's repo, with our own postfix (field) check that's set as part of Filebeat's shipper.*\n\nCreate `conf.d/49-beats-postfix.conf`:\n  * Grab https://github.com/whyscream/postfix-grok-patterns/blob/master/50-filter-postfix.conf\n  * Put it at `conf.d/49-beats-postfix.conf` (*or whatever you want to name it*)\n\nRestart Logstash:\n```bash\nsystemctl restart logstash\n```\n\n\nSetup Filebeat\n---\n\nThe easiest way to ship our Postfix logs is using Filebeat. 
We're going to create a custom input with a \"postfix\" field that we use in our Logstash pipelines.\n\nCreate new configs directory:\n```bash\ncd /etc/filebeat/\nmkdir configs.d\n```\n\nCreate `configs.d/postfix.yml`:\n```yaml\n- type: log\n  paths:\n    - /var/log/mail.log*\n  exclude_files: ['\\.gz$']\n  fields:\n    postfix: true\n  fields_under_root: true\n```\n\nEdit `filebeat.yml`, add this (*near modules*):\n```yaml\n#======================= Filebeat (additional) configs ========================\n\nfilebeat.config.inputs:\n\n  # Change to true to enable, false to disable\n  enabled: true\n\n  # Glob pattern for configuration loading\n  path: ${path.config}/configs.d/*.yml\n```\n\nRestart Filebeat:\n```bash\nsystemctl restart filebeat\n```\n\n\nLicense\n---\nMIT Licensed\n\n\nAcknowledgement\n---\nAll we're doing here is setting up Kibana visuals. The real work for most of this comes from [whyscream's postfix-grok-patterns](https://github.com/whyscream/postfix-grok-patterns). We just wrapped grok with a field check and set up Filebeat.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FActionScripted%2Felastic-kibana-postfix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FActionScripted%2Felastic-kibana-postfix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FActionScripted%2Felastic-kibana-postfix/lists"}