public inbox for pmg-devel@lists.proxmox.com
* [pmg-devel] Proxmox Mail Gateway Parsing logs
@ 2021-11-18 18:17 Mário Ângelo
  2021-11-22 19:57 ` Stoiko Ivanov
  0 siblings, 1 reply; 2+ messages in thread
From: Mário Ângelo @ 2021-11-18 18:17 UTC (permalink / raw)
  To: pmg-devel

Hey guys!

Does anyone have reference documentation of events generated by the Proxmox
Mail Gateway? I looked in the documentation on the site, but I couldn't
find it. Basically, I need the definition / specification of events and log
fields to parse/format in a SIEM.

Thank you for any help.

Mário Reis

* Re: [pmg-devel] Proxmox Mail Gateway Parsing logs
  2021-11-18 18:17 [pmg-devel] Proxmox Mail Gateway Parsing logs Mário Ângelo
@ 2021-11-22 19:57 ` Stoiko Ivanov
  0 siblings, 0 replies; 2+ messages in thread
From: Stoiko Ivanov @ 2021-11-22 19:57 UTC (permalink / raw)
  To: Mário Ângelo; +Cc: pmg-devel

Hello,

Short suggestion not related to your question - please subscribe to the
pmg-devel mailing-list[0], as otherwise your questions and comments will be
held for moderation (and won't get a reply as early as possible).

On Thu, 18 Nov 2021 15:17:34 -0300
Mário Ângelo <marioangelonr@gmail.com> wrote:

> Hey guys!
> 
> Does anyone have reference documentation of events generated by the Proxmox
> Mail Gateway? I looked in the documentation on the site, but I couldn't
> find it. Basically, I need the definition / specification of events and log
> fields to parse/format in a SIEM.

Not 100% sure I understand the question - but PMG does not generate events
- the source of information about its processing of mail is the syslog
(all relevant services log with the mail facility). PMG usually comes with
rsyslog, which is quite versatile and configurable (also for remote
logging).

In my limited experience with SIEM systems - I think parsing syslogs is
something they can handle (although sometimes providing the parsing rules
can be a bit difficult to get right).

One thing to consider when modifying the syslog configuration is that the
Tracking Center (via pmg-log-tracker) takes its information from
/var/log/syslog.* (and is not flexible in the format it expects).

I hope this helps!
stoiko


> 
> Thank you for any help.
> 
> Mário Reis

[0] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
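
Added example, not part of the thread and not Proxmox code: a minimal field extractor for the kind of syslog lines the reply points to, turning them into per-mail records a SIEM could ingest. It assumes the traditional rsyslog file format and Postfix-style lines with short hex queue IDs; the sample lines and the names parse_line and correlate are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (traditional rsyslog file format): "Mmm dd HH:MM:SS host program[pid]: message"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# Postfix-style per-message prefix: short (hex) queue ID, then the event text.
QUEUE_ID = re.compile(r"^(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
# key=value pairs, e.g. from=<a@b>, status=sent, relay=host[ip]:25
KEYVAL = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
CORRELATED = ("client", "from", "to", "size", "relay", "dsn", "status")

# Constructed sample lines (not taken from a real PMG host).
SAMPLE = [
    "Nov 22 19:57:03 pmg postfix/smtpd[2101]: 3C1E2A0F5B: client=mail.example.org[192.0.2.25]",
    "Nov 22 19:57:03 pmg postfix/qmgr[900]: 3C1E2A0F5B: from=<alice@example.org>, size=2048, nrcpt=1 (queue active)",
    "Nov 22 19:57:04 pmg postfix/smtp[2110]: 3C1E2A0F5B: to=<bob@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=0.42, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    "Nov  2 03:00:01 pmg CRON[77]: (root) CMD (true)",
    "-- not a syslog line --",
]

def parse_line(line):
    """Return one flat event dict per syslog line, or None if the header does not match."""
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        return None
    event = m.groupdict()
    q = QUEUE_ID.match(event["msg"])
    if q:
        event["queue_id"] = q["qid"]
        for key, value in KEYVAL.findall(q["rest"]):
            event.setdefault(key, value.strip("<>"))  # never overwrite header fields
    return event

def correlate(lines):
    """Merge events sharing a queue ID into one record per mail; collect unparsed lines."""
    mails, unparsed = defaultdict(dict), []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed.append(line)  # surface parser gaps instead of dropping them silently
        elif "queue_id" in event:
            for key in CORRELATED:
                if key in event:
                    mails[event["queue_id"]][key] = event[key]
    return dict(mails), unparsed

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

The traditional timestamp carries no year or time zone, so the SIEM side has to supply both when normalizing these events.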



