public inbox for pmg-devel@lists.proxmox.com
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: "Mário Ângelo" <marioangelonr@gmail.com>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] Proxmox Mail Gateway Parsing logs
Date: Mon, 22 Nov 2021 20:57:13 +0100
Message-ID: <20211122205713.6eca9e1e@rosa.proxmox.com>
In-Reply-To: <CA+Jd9xSTZw20dt3Jn7VwVHqOm=aE=Wy+vrYBSA-PkyS+jFXz8g@mail.gmail.com>

Hello,

short suggestion not related to your question - please subscribe to the
pmg-devel mailing-list[0], as else your questions and comments will be
held for moderation (and won't get a reply as early as possible).

On Thu, 18 Nov 2021 15:17:34 -0300
Mário Ângelo <marioangelonr@gmail.com> wrote:

> Hey guys!
> 
> Does anyone have reference documentation of events generated by the Proxmox
> Mail Gateway? I looked in the documentation on the site, but I couldn't
> find it. Basically, I need the definition / specification of events and log
> fields to parse/format in a SIEM.
Not 100% sure I understand the question - but PMG does not generate events
- the source of information about its processing of mail is the syslog
(all relevant services log with the mail facility). PMG usually comes with
rsyslog, which is quite versatile and configurable (also for remote
logging).

In my limited experience with SIEM systems - I think parsing syslogs is
something they can handle (although sometimes providing the parsing rules
can be a bit difficult to get right)

One thing to consider when modifying the syslog configuration is that the
Tracking Center (via pmg-log-tracker) takes its information from
/var/log/syslog.* (and is not flexible in the format it expects).

I hope this helps!
stoiko


> 
> Thank you for any help.
> 
> Mário Reis

[0] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
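
Added example, not part of the original thread and not Proxmox code: a minimal normalizer that turns mail-facility syslog lines into per-line events and merges them per queue ID, the shape a SIEM ingest rule usually needs. It assumes the traditional rsyslog file format ("Mon DD HH:MM:SS host tag[pid]: message") and Postfix-style `key=value` messages with short queue IDs; the sample lines, hostnames and addresses are constructed.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# "Mon DD HH:MM:SS host tag[pid]: message" (assumed traditional rsyslog file format)
LINE_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
                     r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) (?P<host>\S+) "
                     r"(?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
QID_RE = re.compile(r"^([0-9A-F]{6,}): ")   # assumption: short Postfix queue IDs
KV_RE = re.compile(r"(\w[\w-]*)=(<[^>]*>|[^,\s]+)")

def parse_line(line, now):
    """Return one event dict, or None if the line is not in the assumed format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None or m["mon"] not in MONTHS:
        return None
    # The traditional timestamp has no year: take the newest year not in the future.
    for year in (now.year, now.year - 1):
        try:
            ts = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                          int(m["h"]), int(m["m"]), int(m["s"]))
        except ValueError:          # e.g. Feb 29 in a non-leap year, hour 25
            continue
        if ts <= now + timedelta(days=1):
            break
    else:
        return None
    qid = QID_RE.match(m["msg"])
    return {"ts": ts.isoformat(), "host": m["host"], "program": m["tag"],
            "pid": int(m["pid"]) if m["pid"] else None,
            "queue_id": qid.group(1) if qid else None,
            "fields": {k: v.strip("<>") for k, v in KV_RE.findall(m["msg"])},
            "message": m["msg"]}

def correlate(lines, now):
    """Merge the key=value fields of all lines that share a queue ID."""
    by_qid = {}
    for ev in filter(None, (parse_line(l, now) for l in lines)):
        if ev["queue_id"]:
            by_qid.setdefault(ev["queue_id"], {}).update(ev["fields"])
    return by_qid

NOW = datetime(2022, 1, 3, 9, 0)   # constructed "current time" for the sample
SAMPLE = [  # constructed log lines, not captured from a real system
    "Nov 22 20:57:11 pmg postfix/smtpd[2101]: connect from unknown[192.0.2.10]",
    "Nov 22 20:57:12 pmg postfix/qmgr[987]: 4F1A2B3C4D: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)",
    "Nov 22 20:57:13 pmg postfix/smtp[2110]: 4F1A2B3C4D: to=<bob@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=0.42, status=sent (250 2.0.0 Ok)",
]
```

Lines for which `parse_line` returns None are better routed to an "unparsed" index than dropped, so a change in log format shows up as a count rather than as silence.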