fluentd qmail log parser(tcpserver)

gistfile1.txt

<source>
  type tail
  format /^(?<time>[^ ]*  *[^ ]* [^ ]*) (?<host>[^ ]*) qmail: (?<unixtime>[^ ]*) (?<event>[^ ]*) msg (?<msg>[^ ]*)$/
  time_format %b %d %H:%M:%S
  path /tmp/maillog
  pos_file /tmp/fluentd.pos.1
  tag maillog.qmail
</source>

<source>
  type tail
  format /^(?<time>[^ ]*  *[^ ]* [^ ]*) (?<host>[^ ]*) qmail: (?<unixtime>[^ ]*) (?<event>[^ ]*) msg (?<msg>[^ ]*) qp (?<qp>[^ ]*)$/
  time_format %b %d %H:%M:%S
  path /tmp/maillog
  pos_file /tmp/fluentd.pos.2
  tag maillog.qmail
</source>

<source>
  type tail
  format /^(?<time>[^ ]*  *[^ ]* [^ ]*) (?<host>[^ ]*) qmail: (?<unixtime>[^ ]*) status: local (?<local>[^ ]*) remote (?<remote>[^ ]*)$/
  time_format %b %d %H:%M:%S
  path /tmp/maillog
  pos_file /tmp/fluentd.pos.3
  tag maillog.qmail
</source>

<source>
  type tail
  format /^(?<time>[^ ]*  *[^ ]* [^ ]*) (?<host>[^ ]*) qmail: (?<unixtime>[^ ]*) info msg (?<msg>[^ :]*): bytes (?<bytes>[^ ]*) from (?<from>[^ ]*) qp (?<qp>[^ ]*) uid (?<uid>[^ ]*)$/
  time_format %b %d %H:%M:%S
  path /tmp/maillog
  pos_file /tmp/fluentd.pos.4
  tag maillog.qmail
</source>

<source>
  type tail
  format /^(?<time>[^ ]*  *[^ ]* [^ ]*) (?<host>[^ ]*) qmail: (?<unixtime>[^ ]*) starting delivery (?<delivery>[^ :]*): msg (?<msg>[^ ]*) to (?<dest>[^ ]*) (?<to>[^ ]*)$/
  time_format %b %d %H:%M:%S
  path /tmp/maillog
  pos_file /tmp/fluentd.pos.5
  tag maillog.qmail
</source>

<source>
  type tail
  format /^(?<time>[^ ]*  *[^ ]* [^ ]*) (?<host>[^ ]*) qmail: (?<unixtime>[^ ]*) delivery (?<delivery>[^ :]*): (?<result>[^ :]*): (?<result_status>[^ ]*)$/
  time_format %b %d %H:%M:%S
  path /tmp/maillog
  pos_file /tmp/fluentd.pos.6
  tag maillog.qmail
</source>

<match maillog.qmail>
  type mongo
  database maillog
  collection qmail
  host localhost
  port 27017
  ignore_invalid_record true
  buffer_chunk_limit 128k
  flush_interval 1s
</match>

<match **>
  type stdout
</match>