shipper.conf

input {
  stdin { }
  file {
    type => "postfix"
    path => ["/var/log/mail.*"]
  }
}

filter {
  if [type] == "postfix" {

    grok {
      patterns_dir => ["/etc/logstash/patterns"]
      match => [ "message", "%{POSTFIX}" ]
      add_tag => [ "postfix", "grokked", "%{component}" ]
    }
    date {
      match => [ "timestamp", "MMM dd YYY HH:mm:ss", "MMM  d YYY HH:mm:ss", "ISO8601" ]
      add_tag => [ "dated" ]
    }
    if "qmgr" in [tags] {
      grok {
        patterns_dir => ["/etc/logstash/patterns"]
        match => [ "message", "%{POSTFIXQMGR}" ]
        named_captures_only => true
      }
    }
    if "bounce" in [tags] {
      grok {
        patterns_dir => ["/etc/logstash/patterns"]
        match => [ "message", "%{POSTFIXBOUNCE}" ]
        named_captures_only => true
      }
    }
    if "cleanup" in [tags] {
      grok {
        patterns_dir => ["/etc/logstash/patterns"]
        match => [ "message", "%{POSTFIXCLEANUP}" ]
        named_captures_only => true
      }
    }
    if "smtpd" in [tags] {
      grok {
        patterns_dir => ["/etc/logstash/patterns"]
        match => [ "message", "%{POSTFIXSMTPD}"]
        named_captures_only => true
      }
    }
  }
}

output {
  stdout { }
  redis {
    host => "10.80.1.203"
    data_type => "list"
    key => "logstash"
  }
}