[pmg-devel] Proxmox Mail Gateway Parsing logs
Stoiko Ivanov
s.ivanov at proxmox.com
Mon Nov 22 20:57:13 CET 2021
Hello,
short suggestion not related to your question - please subscribe to the
pmg-devel mailing-list[0], as else your questions and comments will be
held for moderation (and won't get a reply as early as possible).
On Thu, 18 Nov 2021 15:17:34 -0300
Mário Ângelo <marioangelonr at gmail.com> wrote:
> Hey guys!
>
> Does anyone have reference documentation of events generated by the Proxmox
> Mail Gateway? I looked in the documentation on the site, but I couldn't
> find it. Basically, I need the definition / specification of events and log
> fields to parse/format in a SIEM.
Not 100% sure I understand the question - but PMG does not generate events
- the source of information about it's processing of mail is the syslog
(all relevant services log with the mail facility). PMG usually comes with
rsyslog, which is quite versatile and configurable (also for remote
logging).
In my limited experience with SIEM systems - I think parsing syslogs is
something they can handle (although sometimes providing the parsing rules
can be a bit difficult to get right)
One thing to consider when modifying the syslog configuration, is that the
Tracking Center (via pmg-log-tracker) takes it's information from
/var/log/syslog.* (and is not flexible in the format it expects).
I hope this helps!
stoiko
>
> Thank you for any help.
>
> Mário Reis
[0] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
More information about the pmg-devel
mailing list