From: Stoiko Ivanov
To: Mário Ângelo
Cc: pmg-devel@lists.proxmox.com
Date: Mon, 22 Nov 2021 20:57:13 +0100
Subject: Re: [pmg-devel] Proxmox Mail Gateway Parsing logs
Message-ID: <20211122205713.6eca9e1e@rosa.proxmox.com>

Hello,

short suggestion not related to your question - please subscribe to the
pmg-devel mailing-list[0], as else your questions and comments will be held
for moderation (and won't get a reply as early as possible).

On Thu, 18 Nov 2021 15:17:34 -0300 Mário Ângelo wrote:

> Hey guys!
>
> Does anyone have reference documentation of events generated by the Proxmox
> Mail Gateway? I looked in the documentation on the site, but I couldn't
> find it. Basically, I need the definition / specification of events and log
> fields to parse/format in a SIEM.

Not 100% sure I understand the question - but PMG does not generate events -
the source of information about its processing of mail is the syslog (all
relevant services log with the mail facility).

PMG usually comes with rsyslog, which is quite versatile and configurable
(also for remote logging).

In my limited experience with SIEM systems - I think parsing syslogs is
something they can handle (although sometimes providing the parsing rules
can be a bit difficult to get right).

One thing to consider when modifying the syslog configuration is that the
Tracking Center (via pmg-log-tracker) takes its information from
/var/log/syslog.* (and is not flexible in the format it expects).

I hope this helps!
stoiko

>
> Thank you for any help.
>
> Mário Reis

[0] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
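
Added example, not part of the original message and not Proxmox's own configuration: an rsyslog drop-in that forwards only mail-facility messages to a remote collector while leaving the local rules that write /var/log/syslog unchanged, so pmg-log-tracker keeps seeing the format it expects. The file name, the collector host siem.example.com, the port and the queue sizes are assumptions, as is a Debian-style rsyslog.conf that includes /etc/rsyslog.d/*.conf.

```conf
# /etc/rsyslog.d/90-siem-forward.conf   (hypothetical file name)
#
# Forward a copy of every mail-facility message to the SIEM collector.
# This action does not stop processing, so the stock rules in
# /etc/rsyslog.conf still write the same messages to /var/log/syslog
# in their default format, which the Tracking Center reads.

if prifilt("mail.*") then {
    action(
        type="omfwd"
        target="siem.example.com"     # assumption: your collector's host name
        port="514"                    # assumption: collector listens on 514/tcp
        protocol="tcp"

        # The template applies to the forwarded copy only; the local file
        # format is not touched. RFC 5424 style output carries a year,
        # a time zone and a separate app-name field, which makes the
        # parsing rules on the SIEM side easier to get right.
        template="RSYSLOG_SyslogProtocol23Format"

        # Disk-assisted queue: buffer messages while the collector is
        # unreachable instead of blocking local logging or dropping them.
        queue.type="LinkedList"
        queue.filename="siem_fwd"
        queue.maxDiskSpace="256m"     # assumption: size to your mail volume
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"  # retry forever
    )
}
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog, then confirm that new entries still appear in /var/log/syslog and in the Tracking Center.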