PostFix Mail Transfer Agent Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
PostFix Mail Transfer Agent Sample Messages when you use the Syslog Protocol
Sample 1: The following sample event message shows that an email is sent successfully.
<22>Mar 5 13:09:45 postfix.mailtransferagent.test postfix/smtpd[7609]: B83C6210AB: client=unknown[192.168.0.14] message-id=<27914646.772901551755385716.JavaMail.root@testsrv1> from=<user4@exampledomain.test>, size=564564, nrcpt=1 (queue active) to=<user01@host.example.test>, relay=apc.olc.protection.server.test[192.168.126.33]:25, delay=3.4, delays=0.03/0/0.62/2.7, dsn=2.6.0, status=sent (250 2.6.0 <27914646.772901551755385716.JavaMail.root@testsrv1> [InternalId=19877108654932, Hostname=SERVER.PROD.EXAMPLE.TEST] 570417 bytes in 2.113, 263.513 KB/sec Queued mail for delivery -> 250 2.1.5) removed
JSA field name |
Highlighted values in the event payload |
---|---|
Event ID |
B83C6210AB |
Number of Recipients (custom property) |
1 |
Username |
user4@+exampledomain.test |
Originating Host (custom property) |
exampledomain.test |
Originating User (custom property) |
user4@+exampledomain.test |
Recipient Host (custom property) |
host.example.test |
Recipient User (custom property) |
user01@+host.example.test |
Source IP |
192.168.0.14 |
Destination Port |
192.168.126.33 |
Destination Port |
25 |
Sample 2: The following sample event message shows that an email is received.
<22>Jun 19 15:41:12 postfix.mailtransferagent.test postfix/qmgr[12345]: FFFFFFF: from=<User.Name@domain1.test>, size=3806, nrcpt=1 (queue active)
JSA field name |
Highlighted values in the event payload |
---|---|
Event ID |
qmgr |
Username |
User.Name@domain1.test |
Message Size (custom property) |
3806 |
MessageID (custom property) |
FFFFFFF |
Use the IBM QRadar Custom Properties for Postfix to closely monitor your Custom Properties for Postfix deployment. The Postfix custom event properties expand your JSA searches and reports by normalizing specific event data from a log source. If the IBM QRadar Custom Properties for Postfix content pack is not installed on your system, download it from the IBM X-Force Exchange website.