mail.log filter


Toto Labiere

Sep 18, 2025, 10:47:35 AM (10 days ago) Sep 18
to lnav
Hello all.

I'd like to have a specific format for mail.log (postfix, amavis, dovecot...)
I'd like to have no coloring.
I'd like to have special highlighting for the following regex:

    smtpd.*client|amavis|queue-id.*message|queued.as.*[,)]|smtp.*to=|lmtp.*to=|pickup.*\:

That same regex would also be used as a filter-in expression.

Anyway, I'm struggling to create a custom format.
Here's what I tried so far:

root@clone-messagerie[10.10.10.19] ~/.lnav/formats/default # cat mail.log.json
{
    "mail_log": {
        "title": "mail log format",
        "description" : "mail log formatting for amavis, postfix and co",
        "file-pattern": "/var/log/mail.log",
        "regex" : {
            "debug_line"        : {
                "pattern" : "^(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2}(?:\\.\\d+)?) (?<body>.*)$"
            }
        },
        "value" : {
            "pid"       : { "kind" : "integer", "identifier" : true },
            "body" : { "kind" : "string" }
        },


        "sample" : [{ "line" : "Sep 14 06:25:15 clone-messagerie postfix/smtpd[28128]: connect from unknown[192.168.100.240]" }],
        "highlights": [
                {
                    "pattern": "^\\w+(smtpd.*client|amavis|queue-id.*mail_id|queued.as.*[,)]|smtp.*to=|lmtp.*to=|pickup.*:)\\w+$",
                    "color":"SkyBlue1"
                }
            ]
    }
}
root@clone-messagerie[10.10.10.19] ~/.lnav/formats/default #


But lnav reports warnings and errors when it loads this format:

root@clone-messagerie[10.10.10.19] ~/.lnav/formats/default # lnav /var/log/mail.log
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:unexpected data, expecting one of the following data types --
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:accepted paths --
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/regex/[^/]+/pattern$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/(json|convert-to-local-time)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/timestamp-divisor$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/(file-pattern|level-field|timestamp-field|body-field|url|title|description)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/level/(trace|debug|info|warning|error|critical|fatal)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/value/\w+/(kind|collate|unit/field)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/value/\w+/(identifier|foreign-key|hidden)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/value/\w+/unit/scaling-factor/.*$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/value/\w+/action-list#
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/action/\w+/label
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/action/\w+/capture-output
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/action/\w+/cmd#
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/sample#/line$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/line-format#/(field|default-value)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/line-format#/min-width$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/pattern:  ^/\w+/line-format#$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:unexpected data, expecting one of the following data types --
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:accepted paths --
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/regex/[^/]+/pattern$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/(json|convert-to-local-time)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/timestamp-divisor$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/(file-pattern|level-field|timestamp-field|body-field|url|title|description)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/level/(trace|debug|info|warning|error|critical|fatal)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/value/\w+/(kind|collate|unit/field)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/value/\w+/(identifier|foreign-key|hidden)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/value/\w+/unit/scaling-factor/.*$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/value/\w+/action-list#
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/action/\w+/label
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/action/\w+/capture-output
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/action/\w+/cmd#
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/sample#/line$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/line-format#/(field|default-value)$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/line-format#/min-width$
warning:/root/.lnav//formats/default/mail.log.json:/mail_log/highlights#/color:  ^/\w+/line-format#$
error:mail_log:invalid sample -- Sep 14 06:25:15 clone-messagerie postfix/smtpd[28128]: connect from unknown[192.168.100.240]
error:mail_log:no partial match found
root@clone-messagerie[10.10.10.19] ~/.lnav/formats/default #



Any help appreciated.
Thanks!
Best,