From 48e360c8258c3f8c6e116f3a5e31841ed61ff899 Mon Sep 17 00:00:00 2001
From: "Zane C. Bowers-Hadley" <vvelox@vvelox.net>
Date: Thu, 4 Nov 2021 03:57:32 -0500
Subject: [PATCH] add back in postfix geoip processing

---
 MANIFEST                               | 10 +++++++---
 logstash/conf.d/50-filter-postfix.conf |  7 +++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/MANIFEST b/MANIFEST
index 029ed4a..0a5c172 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -17,6 +17,10 @@ t/manifest.t
 t/pod-coverage.t
 t/pod.t
 bin/essearcher
-logstash/postfix/50-filter-postfix.conf
-logstash/postfix/README.md
-logstash/postfix/postfix.grok
+logstash/patterns.d/postfix.grok
+logstash/conf.d/50-filter-postfix.conf
+logstash/conf.d/syslog.conf
+logstash/conf.d/rsyslog.conf
+logstash/conf.d/beats.conf
+logstash/conf.d/51-filter-postfix-aggregate.conf.off
+logstash/README.md
diff --git a/logstash/conf.d/50-filter-postfix.conf b/logstash/conf.d/50-filter-postfix.conf
index 070da86..ae20ae9 100644
--- a/logstash/conf.d/50-filter-postfix.conf
+++ b/logstash/conf.d/50-filter-postfix.conf
@@ -262,5 +262,12 @@ filter {
             "postfix_postscreen_violation_time", "float"
         ]
     }
+
+    # add geoip for postfix
+    if [program] =~ /.*postfix.*/ {
+        geoip {
+            source => "postfix_client_ip"
+        }
+    }
 }