add queue ID and a few other bits

2019-12-06 12:14:06 -06:00 · 2019-12-06 12:14:06 -06:00 · 267b38c41f
parent 022632657f
commit 267b38c41f
4 changed files with 23 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -42,3 +42,5 @@ inc/
 /pm_to_blib
 /*.zip

+# emacs
+*/\#*\#
--- a/Search-ESsearcher/Changes
+++ b/Search-ESsearcher/Changes
@ -1,5 +1,8 @@
 Revision history for Search-ESsearcher

+0.4.0	 2019-06-05/05:0
+		 - Make host searching work better for syslog. Thanks, Kevin Greene.
+
 0.3.1	 2019-06-05/05:0
 		 - Add missing options to postfix pod.

--- a/Search-ESsearcher/bin/essearcher
+++ b/Search-ESsearcher/bin/essearcher
@ -23,6 +23,8 @@ if ( defined( $ENV{NO_COLOR} ) ){
 	$ENV{ANSI_COLORS_DISABLED}=1;
 }

+
+
 # set all the templates the servers use to to fault
 my $search;
 my $options;
@ -71,7 +73,7 @@ if ( defined( $check ) &&
 	 ( $check ne 'gte' ) &&
 	 ( $check ne 'lt' ) &&
 	 ( $check ne 'lte' )
-	){
+	) {
 	warn('-n is set, but is not gt, gte, lt, or lte');
 	exit 255;
 }
--- a/Search-ESsearcher/lib/Search/ESsearcher/Templates/postfix.pm
+++ b/Search-ESsearcher/lib/Search/ESsearcher/Templates/postfix.pm
@ -190,11 +190,8 @@ Any thing not matching maching any of the above will just be passed on.
 sub search{
 return '
 [% USE JSON ( pretty => 1 ) %]
-[% DEFAULT o.host = "*" %]
-[% DEFAULT o.src = "*" %]
 [% DEFAULT o.program = "postfix" %]
 [% DEFAULT o.facility = "mail" %]
-[% DEFAULT o.msg = "*" %]
 [% DEFAULT o.size = "50" %]
 [% DEFAULT o.field = "type" %]
 [% DEFAULT o.fieldv = "syslog" %]
@ -208,16 +205,20 @@ return '
 					  {
 					   "term": { [% o.field.json %]: [% o.fieldv.json %] }
 					   },
+                      [% IF o.host %]
 					  {"query_string": {
 						  "default_field": "host",
 						  "query": [% aon( o.host ).json %]
 					  }
 					   },
+                      [% END %]
+                      [% IF o.src %]
 					  {"query_string": {
 						  "default_field": "logsource",
 						  "query": [% o.src.json %]
 					  }
 					   },
+                      [% END %]
 					  {"query_string": {
 						  "default_field": "program",
 						  "query": [% aon( o.program ).json %]
@ -235,11 +236,13 @@ return '
 					  }
 					   },
 					  [% END %]
+					  [% IF o.msg %]
 					  {"query_string": {
 						  "default_field": "message",
 						  "query": [% o.msg.json %]
 					  }
 					   },
+					  [% END %]
 					  [% IF o.from %]
 					  {"query_string": {
 						  "default_field": "postfix_from",
@ -268,6 +271,13 @@ return '
 					  }
 					   },
 					  [% END %]
+					  [% IF o.qid %]
+					  {"query_string": {
+						  "default_field": "postfix_queueid",
+						  "query": [% aon( o.qid ).json %]
+					  }
+					   },
+					  [% END %]
 					  [% IF o.ip %]
 					  {"query_string": {
 						  "default_field": "postfix_client_ip",
@ -379,6 +389,7 @@ fieldv=s
 showkeys
 nomsg
 noq
+qid=s
 ';
 }

@ -525,6 +536,7 @@ sub help{
 --pid <pid>           The PID that sent the message.

 --mid <msg id>        Search based on the message ID.
+--qid <queue id>      Search based on the queue ID.
 --from <address>      The from address to search for.
 --to <address>        The to address to search for.
 --oto <address>       The original to address to search for.