jertel / dmarc2logstash

Injects POP3-polled DMARC feedback reports into Elasticsearch via Logstash and Filebeat.
MIT License

How do I use these codes without POP3 #2

Closed Blason closed 4 years ago

Blason commented 5 years ago

Hi there,

I am wondering if I could try it out on a downloaded XML file; I want to send the parsed messages to Graylog, which eventually uses Elasticsearch. I believe that should be possible since I am using Logstash and Filebeat as well, just not Kibana.

jertel commented 5 years ago

Hello,

You would need to modify the python script to read the XML from a file instead of a POP3 account. If you know basic Python or any language this will be trivial. As far as using Graylog, I'm sure you can do it but it will require modification to the Helm chart.

Blason commented 5 years ago

So for Graylog, why do we need any modification? Since the backend is Elasticsearch and I am sending data through Logstash, the entire process remains the same, right? Only my output would be GELF instead of Elasticsearch.

I need to see the modification in the Python file, i.e. which code needs to be modified to read the file from disk; alternatively, I can set up an email server and have it configured as a POP3 account.

jertel commented 5 years ago

I don't fully understand your Graylog setup based on what you've written here. However, if dmarc2logstash will continue sending its output directly to logstash then you're right, you shouldn't need to change anything.

You mentioned you could setup POP3 to test -- if that's the case you should continue with that approach since that is the correct way to use this application.

Blason commented 5 years ago

Well, I am not so well versed with Docker, hence I'm wondering if I could run the Python script directly from the file. So, to understand the flow:

  1. The Python script will keep monitoring the POP3 account.
  2. If new mail is found, it will download the attachment.
  3. It unzips the file, then the XML file is converted to JSON.
  4. Filebeat will read the file and feed it into Logstash for parsing.
  5. And then Logstash to Elasticsearch?

jertel commented 5 years ago

Yes, that's the correct flow. In step 5 it all depends on how you configured your logstash deployment, but yes typically it points to Elasticsearch. That's outside the scope of this application, though.

You can execute the script directly without Docker. Assuming you have Python installed, and you have pulled this dmarc2logstash repository, and you have configured the accompanying dmarc2logstash.conf file as the instructions in the README.md explain, the command will look like this:

python dmarc2logstash.py

Using Docker is recommended, however, since you may end up with the wrong version of Python or dependent libraries on your local workstation.

Blason commented 5 years ago

So, will this Python script also mark the mail as read? I'm wondering how it will keep track of the mails which have been downloaded or read. Will it move them to another folder or something?

Blason commented 5 years ago

Dang!!!

delete_messages true If set to 1, the messages will be deleted from the inbox after successful parsing. If set to 0, the messages will not be deleted (useful for debugging)

Sorry my bad

jertel commented 5 years ago

It deletes them if your configuration file has delete_messages set to 1 and if it successfully converted the email to JSON. Otherwise it leaves them in the inbox and will reprocess them on the next run.


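As an added example (not code from this thread or from dmarc2logstash itself), this is roughly the file-reading variant asked about above: steps 2 and 3 of the flow, taking a report attachment from disk instead of a POP3 mailbox and turning it into JSON lines that Filebeat can ship, with the same delete-only-on-success rule that the delete_messages setting follows. The output field names, the decompressed-size cap and the sample report are assumptions for illustration, not the project's own schema or configuration.

```python
import gzip
import io
import json
import zipfile
import xml.etree.ElementTree as ET

# Reports arrive from arbitrary third parties, so cap the decompressed size
# to keep a zip/gzip bomb from exhausting memory. Assumed limit, not a
# dmarc2logstash setting.
MAX_XML_BYTES = 8 * 1024 * 1024


def unwrap_attachment(filename, data):
    """Return the XML bytes from a .zip, .gz or bare .xml attachment."""
    name = filename.lower()
    if name.endswith(".zip"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i for i in zf.infolist() if i.filename.lower().endswith(".xml")]
            if len(members) != 1:
                raise ValueError("expected exactly one .xml member in %s" % filename)
            if members[0].file_size > MAX_XML_BYTES:   # declared size in the zip header
                raise ValueError("report too large: %d bytes" % members[0].file_size)
            return zf.read(members[0])
    if name.endswith(".gz"):
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            xml_bytes = gz.read(MAX_XML_BYTES + 1)    # read at most cap+1 bytes
        if len(xml_bytes) > MAX_XML_BYTES:
            raise ValueError("report too large")
        return xml_bytes
    if name.endswith(".xml"):
        return data
    raise ValueError("unsupported attachment type: %s" % filename)


def _text(node, path, default=None):
    """Text of the first element at path under node, or default."""
    found = node.find(path) if node is not None else None
    if found is None or found.text is None:
        return default
    return found.text.strip()


def parse_aggregate_report(xml_bytes):
    """Flatten one RFC 7489 aggregate report into one dict per <record>.
    Raises ET.ParseError on malformed XML; the caller uses that to decide
    whether the source message may be deleted."""
    root = ET.fromstring(xml_bytes)
    meta = root.find("report_metadata")
    policy = root.find("policy_published")
    header = {                       # assumed field names, repeated on every row
        "org_name": _text(meta, "org_name"),
        "report_id": _text(meta, "report_id"),
        "date_begin": int(_text(meta, "date_range/begin", "0")),
        "date_end": int(_text(meta, "date_range/end", "0")),
        "domain": _text(policy, "domain"),
        "policy": _text(policy, "p"),
    }
    records = []
    for rec in root.findall("record"):
        row = dict(header)
        row["source_ip"] = _text(rec, "row/source_ip")
        row["count"] = int(_text(rec, "row/count", "0"))
        row["disposition"] = _text(rec, "row/policy_evaluated/disposition")
        row["dkim"] = _text(rec, "row/policy_evaluated/dkim")
        row["spf"] = _text(rec, "row/policy_evaluated/spf")
        row["header_from"] = _text(rec, "identifiers/header_from")
        records.append(row)
    return records


def convert_attachment(filename, data):
    """Return (json_lines, ok). ok is False when the attachment could not be
    parsed: a poller running with delete_messages=1 should delete the mail
    only when ok is True and otherwise leave it for the next run."""
    try:
        records = parse_aggregate_report(unwrap_attachment(filename, data))
    except (ValueError, ET.ParseError, zipfile.BadZipFile, OSError, EOFError):
        return [], False
    return [json.dumps(r, sort_keys=True) for r in records], True


# Constructed sample report for the demo; not a real feedback mail.
SAMPLE_XML = b"""<?xml version="1.0"?>
<feedback>
 <report_metadata><org_name>example.net</org_name><report_id>12345</report_id>
  <date_range><begin>1546300800</begin><end>1546387200</end></date_range></report_metadata>
 <policy_published><domain>example.com</domain><p>reject</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>3</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>1</count>
  <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers></record>
</feedback>
"""


def build_sample(kind):
    """Wrap SAMPLE_XML as a .zip or .gz attachment the way reporters send it."""
    if kind == "zip":
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("example.net!example.com!1546300800!1546387200.xml", SAMPLE_XML)
        return buf.getvalue()
    return gzip.compress(SAMPLE_XML)


if __name__ == "__main__":
    lines, ok = convert_attachment("report.zip", build_sample("zip"))
    print(ok, *lines, sep="\n")   # one JSON object per line, ready for Filebeat
```

Point Filebeat at whatever file the JSON lines are appended to and the rest of the flow (Logstash, then Elasticsearch or GELF) is unchanged. Because every report is produced by a remote mail receiver, treat the XML as untrusted input: the size cap above covers decompression, and on older Python versions where expat is not hardened, defusedxml's fromstring is a drop-in replacement for ET.fromstring.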
Blason commented 5 years ago

So, pertaining to dmarc2logstash.conf: I need to create this file explicitly, and it is a JSON file, right? Where does it need to be kept, then?

jertel commented 5 years ago

It needs to be in the current working directory. Save it next to the Python script and then while in that directory you can run the command I provided earlier. You can copy the example from the README.md to get started and adjust the values as needed.


Blason commented 5 years ago

Okay, let me try; if I get stuck I will get back to you.

Thanks for the help dude!!