match text:
Jul 5 11:28:29 web-niemiao-3 postfix/smtp[17563]: AE03562521: to=<smileboywtu@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[74.125 .30.27]:25, delay=2.9, delays=0.02/0/2.3/0.53, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.30.27] said: 421 -4.7.0 [122.14.62.30 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the s ending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited . Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. y84si7872216oig.365 - gsmtp (in reply to end of DATA command))
2017-07-05 11:56:24 +0800 [warn]: plugin/out_parser.rb:88:block (2 levels) in emit: pattern not match with data 'web-niemiao-3-5-28-255 postfix/smtp[18629]: C340A6252A: to=<smileboywtu@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.67.27]:25, delay=580, delays=577/0.01/1.8/0.51, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.67.27] said: 421-4.7.0 [122.14.62.30 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. h77si17404178oig.396 - gsmtp (in reply to end of DATA command))'
td-agent : 0.12.35
regex:
match text:
Jul 5 11:28:29 web-niemiao-3 postfix/smtp[17563]: AE03562521: to=<smileboywtu@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[74.125 .30.27]:25, delay=2.9, delays=0.02/0/2.3/0.53, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.30.27] said: 421 -4.7.0 [122.14.62.30 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the s ending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited . Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. y84si7872216oig.365 - gsmtp (in reply to end of DATA command))works well in Fluentular, but fluentd notify:
2017-07-05 11:56:24 +0800 [warn]: plugin/out_parser.rb:88:block (2 levels) in emit: pattern not match with data 'web-niemiao-3-5-28-255 postfix/smtp[18629]: C340A6252A: to=<smileboywtu@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.67.27]:25, delay=580, delays=577/0.01/1.8/0.51, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.67.27] said: 421-4.7.0 [122.14.62.30 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. h77si17404178oig.396 - gsmtp (in reply to end of DATA command))'