022632657f
...
756fa71841
Author | SHA1 | Date |
---|---|---|
Zane C. B-H | 756fa71841 | |
Zane C. B-H | 267b38c41f |
|
@ -42,3 +42,7 @@ inc/
|
|||
/pm_to_blib
|
||||
/*.zip
|
||||
|
||||
# emacs
|
||||
*/\#*\#
|
||||
Search-ESsearcher/bin/#essearcher#
|
||||
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
Revision history for Search-ESsearcher
|
||||
|
||||
0.4.0 2019-06-05/05:0
|
||||
- Make host searching work better for syslog. Thanks, Kevin Greene.
|
||||
|
||||
0.3.1 2019-06-05/05:0
|
||||
- Add missing options to postfix pod.
|
||||
|
||||
|
|
|
@ -23,6 +23,8 @@ if ( defined( $ENV{NO_COLOR} ) ){
|
|||
$ENV{ANSI_COLORS_DISABLED}=1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
# set all the templates the servers use to to fault
|
||||
my $search;
|
||||
my $options;
|
||||
|
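Review bot: The comment `# set all the templates the servers use to to fault` sitting directly above the `my $search;` / `my $options;` declarations looks like a typo (presumably "to default") and does not describe those two variables at all. If the declarations are the lines this hunk adds, they deserve a one-line comment each saying what they will hold; I cannot tell from this view where they are assigned, so the wording should come from that code rather than be guessed here. The surrounding script continues outside the hunk.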
@ -71,7 +73,7 @@ if ( defined( $check ) &&
|
|||
( $check ne 'gte' ) &&
|
||||
( $check ne 'lt' ) &&
|
||||
( $check ne 'lte' )
|
||||
){
|
||||
) {
|
||||
warn('-n is set, but is not gt, gte, lt, or lte');
|
||||
exit 255;
|
||||
}
|
||||
|
|
|
@ -190,11 +190,8 @@ Any thing not matching maching any of the above will just be passed on.
|
|||
sub search{
|
||||
return '
|
||||
[% USE JSON ( pretty => 1 ) %]
|
||||
[% DEFAULT o.host = "*" %]
|
||||
[% DEFAULT o.src = "*" %]
|
||||
[% DEFAULT o.program = "postfix" %]
|
||||
[% DEFAULT o.facility = "mail" %]
|
||||
[% DEFAULT o.msg = "*" %]
|
||||
[% DEFAULT o.size = "50" %]
|
||||
[% DEFAULT o.field = "type" %]
|
||||
[% DEFAULT o.fieldv = "syslog" %]
|
||||
|
@ -208,16 +205,20 @@ return '
|
|||
{
|
||||
"term": { [% o.field.json %]: [% o.fieldv.json %] }
|
||||
},
|
||||
[% IF o.host %]
|
||||
{"query_string": {
|
||||
"default_field": "host",
|
||||
"query": [% aon( o.host ).json %]
|
||||
}
|
||||
},
|
||||
[% END %]
|
||||
[% IF o.src %]
|
||||
{"query_string": {
|
||||
"default_field": "logsource",
|
||||
"query": [% o.src.json %]
|
||||
}
|
||||
},
|
||||
[% END %]
|
||||
{"query_string": {
|
||||
"default_field": "program",
|
||||
"query": [% aon( o.program ).json %]
|
||||
|
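Review bot: The new `[% IF o.host %]` and `[% IF o.src %]` guards, like the `[% IF o.msg %]` in the hunk at -235 and `[% IF o.qid %]` at -268, test Template Toolkit truthiness, so an option given as `0` or an empty string silently drops the whole clause instead of searching for that value. Testing presence instead, `[% IF o.host.defined %]` (or `o.host.length` when an empty string should also be skipped), keeps the clause whenever the option was actually supplied; with the `[% DEFAULT o.host = "*" %]` / `o.src` lines that the preceding hunk appears to remove, an unset option still falls through cleanly. Each conditional block ends in `},`, which is only valid JSON because the unconditional `program` block follows it; a short template comment noting that the trailing comma relies on that ordering would stop the next conditional clause from being appended at the end of the array. The enclosing `sub search` starts and ends outside this hunk.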
@ -235,11 +236,13 @@ return '
|
|||
}
|
||||
},
|
||||
[% END %]
|
||||
[% IF o.msg %]
|
||||
{"query_string": {
|
||||
"default_field": "message",
|
||||
"query": [% o.msg.json %]
|
||||
}
|
||||
},
|
||||
[% END %]
|
||||
[% IF o.from %]
|
||||
{"query_string": {
|
||||
"default_field": "postfix_from",
|
||||
|
@ -268,6 +271,13 @@ return '
|
|||
}
|
||||
},
|
||||
[% END %]
|
||||
[% IF o.qid %]
|
||||
{"query_string": {
|
||||
"default_field": "postfix_queueid",
|
||||
"query": [% aon( o.qid ).json %]
|
||||
}
|
||||
},
|
||||
[% END %]
|
||||
[% IF o.ip %]
|
||||
{"query_string": {
|
||||
"default_field": "postfix_client_ip",
|
||||
|
@ -379,6 +389,7 @@ fieldv=s
|
|||
showkeys
|
||||
nomsg
|
||||
noq
|
||||
qid=s
|
||||
';
|
||||
}
|
||||
|
||||
|
@ -525,6 +536,7 @@ sub help{
|
|||
--pid <pid> The PID that sent the message.
|
||||
|
||||
--mid <msg id> Search based on the message ID.
|
||||
--qid <queue id> Search based on the queue ID.
|
||||
--from <address> The from address to search for.
|
||||
--to <address> The to address to search for.
|
||||
--oto <address> The original to address to search for.
|
||||
|
|