Sergey Katunin wellcomer

## exim
#!/bin/sh

curl -XPUT localhost:9200/_template/exim -d '{
    "template" : "exim-*",
    "mappings" : {
      "_default_" : {
        "_all" : {"enabled" : false},
        "properties" : {
          "@version": { "index": "analyzed", "type": "integer" },
          "@timestamp": { "index": "analyzed", "type": "date" },

## exim-mainlog
input {
        file {
                path => [ "/var/log/exim4/mainlog" ]
                start_position => end
                type => "exim"
        }
}

filter {

## exim
MAIL_USER [\.\+\=\-_a-zA-Z0-9]+
EXIM_MSGID (?<exim_msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})
EXIM_FLAGS (<=|[-=>*]>|[*]{2}|==)
EXIM_DATE %{YEAR:exim_year}-%{MONTHNUM:exim_month}-%{MONTHDAY:exim_day} %{TIME:exim_time}
EXIM_PID \[%{POSINT}\]
EXIM_T ((\d+y)?(\d+w)?(\d+d)?(\d+h)?(\d+m)?(\d+s)?)
EXIM_QT QT=%{EXIM_T:exim_qt}
EXIM_DT DT=%{EXIM_T:exim_dt}
EXIM_EXCLUDE_TERMS (Message is frozen|(Start|End) queue run| Warning: | retry time not reached | no (IP address|host name) found for (IP address|host) | unexpected disconnection while reading SMTP command | no immediate delivery: |another process is handling this message)
EXIM_REMOTE_HOST (H=|from\s|host\s)(%{NOTSPACE:exim_remote_hostname} )?(\(%{NOTSPACE:exim_remote_heloname}\) )?\[%{IP:exim_remote_host}\](:%{INT:exim_remote_port})?

## dhcpd-syslog
input {
        file {
                path => [ "/var/log/syslog" ]
                start_position => end
                type => "syslog"
        }
}

filter {

## ibank2-ibank.log
input {
        file {
                path => [ "/opt/iBank2/logs/ibank.log" ]
                start_position => end

                codec => multiline {
                        pattern => "^\s"
                        what => "previous"
                }
        }
	#!/bin/sh

	curl -XPUT localhost:9200/_template/exim -d '{
	"template" : "exim-*",
	"mappings" : {
	"_default_" : {
	"_all" : {"enabled" : false},
	"properties" : {
	"@version": { "index": "analyzed", "type": "integer" },
	"@timestamp": { "index": "analyzed", "type": "date" },
	input {
	file {
	path => [ "/var/log/exim4/mainlog" ]
	start_position => end
	type => "exim"
	}
	}

	filter {
	MAIL_USER [\.\+\=\-_a-zA-Z0-9]+
	EXIM_MSGID (?<exim_msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})
	EXIM_FLAGS (<=\|[-=>]>\|[]{2}\|==)
	EXIM_DATE %{YEAR:exim_year}-%{MONTHNUM:exim_month}-%{MONTHDAY:exim_day} %{TIME:exim_time}
	EXIM_PID \[%{POSINT}\]
	EXIM_T ((\d+y)?(\d+w)?(\d+d)?(\d+h)?(\d+m)?(\d+s)?)
	EXIM_QT QT=%{EXIM_T:exim_qt}
	EXIM_DT DT=%{EXIM_T:exim_dt}
	EXIM_EXCLUDE_TERMS (Message is frozen\|(Start\|End) queue run\| Warning: \| retry time not reached \| no (IP address\|host name) found for (IP address\|host) \| unexpected disconnection while reading SMTP command \| no immediate delivery: \|another process is handling this message)
	EXIM_REMOTE_HOST (H=\|from\s\|host\s)(%{NOTSPACE:exim_remote_hostname} )?(\(%{NOTSPACE:exim_remote_heloname}\) )?\[%{IP:exim_remote_host}\](:%{INT:exim_remote_port})?
	input {
	file {
	path => [ "/var/log/syslog" ]
	start_position => end
	type => "syslog"
	}
	}

	filter {
	input {
	file {
	path => [ "/opt/iBank2/logs/ibank.log" ]
	start_position => end

	codec => multiline {
	pattern => "^\s"
	what => "previous"
	}
	}