Structured JSON Logging with Amavis

Amavis is able to output an structured JSON log format. First make sure you syslog daemon allows log messages longer than 1500 bytes. For example in rsyslogd you can use the following configuration line to raise the maximum message size to 32k:

To activate JSON logging in amavisd you need to adjust the $logline_maxlen setting since amavis will otherwise split long log lines at this threshold.

The log format in amavis is defined by the $log_templ template. For JSON logging you have to use the report_json macro:

For more macros take a look at the amavis documentation:

README.customize.txt

Relaying of collectd metrics to a central graphit with syslog

Download and install the Collectd::Plugins::WriteSyslogGraphite plugin from cpan:

This plugin allows you to write the collectd output to syslog.

Activate the plugin within your collectd configuration:

Now configure rsyslogd to log to your central logging host.

If you’re using logstash on your central logging host can use the following grok pattern/filter to extract the metrics from the log stream and pass them to graphits carbon storage.

Grok pattern:

Logstash filter/output: