Configuring a PostFix MTA Log Source

 

To collect syslog events, you must configure a log source for PostFix MTA to use the UDP Multiline Syslog protocol.

  1. Click the Admin tab.
  2. Click the Log Sources icon.
  3. Click Add.
  4. In the Log Source Name field, type a name for your log source.
  5. From the Log Source Type list, select PostFix Mail Transfer Agent.
  6. From the Protocol Configuration list, select UDP Multiline Syslog.
  7. Configure the following values:

    Table 1: PostFix MTA Log Source Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address, host name, or name to identify your PostFix MTA installation.

    Listen Port

    Type 517 as the port number used by JSA to accept incoming UDP Multiline Syslog events. The valid port range is 1 - 65535.

    To edit a saved configuration to use a new port number:

    1. In the Listen Port field, type the new port number for receiving UDP Multiline Syslog events.

    2. Click Save.

    3. On the Admin tab, select Advanced > Deploy Full Configuration.

    After the full deployment completes, JSA will start receiving events on the updated listen port.

    When you click Deploy Full Configuration, JSA restarts all services, which results in a gap in data collection for events and flows until the deployment completes.

    The port update is complete and event collection starts on the new port number.

    Message ID Pattern

    Type the following regular expression (regex) needed to filter the event payload messages.

    postfix/.*?[ \[]\d+[ \]](?:- - |: )([A-Z0-9]{8,10})

    Enabled

    Select this check box to enable the log source.

    Credibility

    Select the credibility of the log source. The range is 0 - 10.

    The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

    Target Event Collector

    Select the Target Event Collector to use as the target for the log source.

    Coalescing Events

    Select this check box to enable the log source to coalesce (bundle) events.

    By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

      

    Store Event Payload

    Select this check box to enable the log source to store event payload information.

    By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

    Log Source Language

    Select the language of the events that are generated by PostFix MTA.

  8. Click Save.
  9. On the Admin tab, click Deploy Changes.
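
The Message ID Pattern from Table 1 can be checked offline against your own Postfix log format before you deploy the log source. The following Python sketch is an added example, not code from JSA or Juniper: it applies the regex to constructed log lines and groups them by the captured ID. The function names and sample lines are assumptions, and the grouping only shows which lines share an ID, not how JSA processes them internally.

```python
import re

# Message ID Pattern exactly as given in Table 1.
MESSAGE_ID_PATTERN = re.compile(
    r"postfix/.*?[ \[]\d+[ \]](?:- - |: )([A-Z0-9]{8,10})"
)

# Constructed sample lines (not captured from a real server).
SAMPLE_LINES = [
    "Mar  3 10:15:01 mail postfix/smtpd[2101]: 4F1A2B3C4D: client=unknown[192.0.2.10]",
    "Mar  3 10:15:01 mail postfix/cleanup[2105]: 4F1A2B3C4D: message-id=<a@example.org>",
    "Mar  3 10:15:02 mail postfix/qmgr[1200]: 4F1A2B3C4D: from=<a@example.org>, size=512, nrcpt=1 (queue active)",
    "Mar  3 10:15:02 mail postfix/smtp[2110]: 4F1A2B3C4D: to=<b@example.net>, relay=mx.example.net[198.51.100.7]:25, status=sent (250 ok)",
    # RFC 5424 style header: the "- - " alternative of the pattern applies.
    "<22>1 2024-03-03T10:15:05Z mail postfix/smtpd 2101 - - A1B2C3D4E: client=unknown[192.0.2.11]",
    # No queue ID after the process ID: the pattern does not match.
    "Mar  3 10:15:04 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]",
    # ID with lowercase letters (as in Postfix long queue IDs): outside
    # the [A-Z0-9] class, so the pattern does not match.
    "Mar  3 10:15:06 mail postfix/smtpd[2101]: 3mPVKl0Mhjz7sXv: client=unknown[192.0.2.10]",
]


def extract_message_id(line):
    """Return the ID captured by the Message ID Pattern, or None."""
    match = MESSAGE_ID_PATTERN.search(line)
    return match.group(1) if match else None


def group_by_message_id(lines):
    """Split lines into {captured ID: [lines]} and a list of non-matching lines."""
    grouped, unmatched = {}, []
    for line in lines:
        message_id = extract_message_id(line)
        if message_id is None:
            unmatched.append(line)
        else:
            grouped.setdefault(message_id, []).append(line)
    return grouped, unmatched


if __name__ == "__main__":
    grouped, unmatched = group_by_message_id(SAMPLE_LINES)
    for message_id, lines in grouped.items():
        print(f"{message_id}: {len(lines)} line(s)")
    print(f"unmatched: {len(unmatched)} line(s)")
    for line in unmatched:
        print("  " + line)
```

Replace `SAMPLE_LINES` with lines from your own mail log; anything reported as unmatched falls outside the pattern in Table 1.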