docker and syslog file format?

maddler

Did anyone look already into the syslog format for logs?
I mean, currently the format is 2024-02-15T20:24:26+01:00 localhost.localdomain docker/mailcowdockerized-postfix-mailcow-1[3533851]: Feb 15 19:24:26 3c42ed76d77d postfix/postscreen[684]: WHITELISTED [198.2.143.244]:4966, the actual application part would be the second “half” of the logs, after the 2nd date field and this is causing apps like pflogsumm not to be able to process that correctly.
Any help, hint, pointer is welcome!

Thanks!
W.

maximaw

Mailcow seems to have pointers about how to proceed ; did you look at this page? https://docs.mailcow.email/post_installation/firststeps-logging/

maddler

Yeah, the logging is working fine following that guide.
Was just looking at improving/better manage the actual log content.

DocFraggle

The above is the default IETF syslog format, it would be very hard to change that. I suggest looking into your pflogsumm configuration as something as simple as that should be working

See here

Edit: Your problem is that the message contains the log including the date because the original log is from Docker, I guess your can just filter/ignore that in your software?

maddler

Yes, should have phrased that better, maybe: I was checking if someone already managed to “extract” the application log using, possibly, RSyslog templates. 😃