Change log for POSTFIX_MAIL
| Date | Changes |
|---|---|
| 2026-01-23 | Enhancement:<br>- Added grok pattern to parse new log format.<br>- `event.idm.read_only_udm.network.email.from`: Newly mapped `email_from` raw log field with `event.idm.read_only_udm.network.email.from` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `smtp_code`, `smtp_status`, `time_sec`, `speed_kbps` and `InternalId` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.principal.resource.name`: Newly mapped `ssmtp_message_id` raw log field with `event.idm.read_only_udm.principal.resource.name` UDM field.<br>- `event.idm.read_only_udm.network.sent_bytes`: Newly mapped `bytes_sent` raw log field with `event.idm.read_only_udm.network.sent_bytes` UDM field.<br>- `security_result.summary`: Newly mapped `delivery_status` raw log field with `security_result.summary` UDM field.<br>- `event.idm.read_only_udm.target.hostname`: Newly mapped `Hostname` raw log field with `event.idm.read_only_udm.target.hostname` UDM field. |
| 2025-09-03 | Enhancement:<br>- Removed the drop tag so that logs containing the `bounce` value are parsed.<br>- `event.idm.read_only_udm.intermediary.hostname`: Newly mapped `inter_host` raw log field with `event.idm.read_only_udm.intermediary.hostname` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `bounceid` and `originalmsgid` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. |
| 2024-06-25 | Enhancement:<br>- Added support to parse new format of syslog logs. |
| 2024-05-22 | Enhancement:<br>- Added a Grok pattern to extract "from" and "to" email addresses, "subject", and "filename" from the raw log and set "metadata.event_type" to "EMAIL_TRANSACTION". |
| 2022-10-06 | Enhancement:<br>- Modified grok pattern to parse the logs. |
| 2022-07-18 | Enhancement:<br>- Mapped host.hostname to principal.hostname.<br>- Mapped host.ip to principal.ip.<br>- Mapped host.mac to principal.mac.<br>- Mapped host.id to principal.asset.asset_id.<br>- Mapped host.os.name to principal.platform.<br>- Mapped network.ip_protocol to TCP if input.type is tcp.<br>- Mapped log.source.address data: src_ip to principal.ip, src_port to principal.port.<br>- Mapped agent.id to metadata.product_log_id.<br>- Mapped agent.type to metadata.product_event_type.<br>- Mapped agent.version to metadata.product_version.<br>- Mapped source_ip to principal.ip.<br>- Mapped source_hostname to principal.hostname.<br>- Mapped target_email to network.email.to if it is an email address; otherwise mapped it to target.user.userid.<br>- Mapped from_user to network.email.from. |