Convert postfix timestamps in syslog format to logstash dates

Author: whyscream

50-filter-postfix.conf

@@ -305,4 +305,20 @@ filter {
             "postfix_requiretls", "requiretls", "true"
         ]
     }
+
+    # Convert timestamp fields from string to date
+    # NOTE: postfix timestamps don't contain a year value, which makes logstash assume the current year.
+    #   Beware when parsing historic log files!
+    date {
+        match => [
+            "postfix_anvil_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"
+        ]
+        target => "postfix_anvil_timestamp"
+    }
+    date {
+        match => [
+            "postfix_scache_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"
+        ]
+        target => "postfix_scache_timestamp"
+    }
 }

test_pipeline.sh

@@ -44,6 +44,7 @@ EOF
 
 cat 50-filter-postfix.conf >> "$PIPELINE"
 
+echo Preparing output config
 cat >> "$PIPELINE" << EOF
 output {
   file {