ElasticSearch and PowerMTA logs Processing

[shuvoaftab]

Hi, Thanks for previous responses and i really appreciate your works and help :) Hope all are fine at your end.

I am asking you for pmta logs processing from multiple servers by elastic search. I have read some articles and documentations but it will be great if you guide me.bcz i will be using elastic search for pmta only.

If you have time, please give me some guidelines how i can process pmta logs smoothly.

thanks in advance -Ibrahim

[magicdude4eva]

I forgot that I already documented this via a Gist - https://gist.github.com/magicdude4eva/5001d3b52743062f6fb28e3a92b7fce4

In essence you need a Graylog server with a cluster of ElasticSearch. I am sure Kibana would also work. To ship logs to ElasticSearch via Graylog we use Logstash.

PowerMTA is already produces accounting files in CSV file format, so Logstash or Beat will just be able to work with that. You do need some minor configuration (as detailed in the Gist) on how to translate certain fields.

BTW: Installation of Graylog / ES would be beyond this, as it is very specific to a customer (i.e. how many ES masters / slaves, underlying OS etc) - it is however very easy. You can very well start off with 1 master and then extend.