Logstash RFC2407 Plugin

Travis Build Status

This plugin is meant for decoding RFC2047 headers

Example

  • with the message given:

“essage => “2013-01-20T13:14:01+0000: Example mail header field: =?ISO-8859-1?B?SWYgeW91IGNhbiByZWFkIHRoaXMgeW8=?==?ISO-8859-2?B?dSB1bmRlcnN0YW5kIHRoZSBleGFtcGxlLg==?=;”

  • and the plugin configuration:

“ filter { grok { match => { “message” => “%TIMESTAMP_ISO8601:timestamp: %DATA: %DATA:header_field1;( %GREEDYDATA:header_field2)?”} } mime { field => [header_field1, header_field2] } }

  • the outcome will be a document:

“ @timestamp: “2013-01-20T13:14:01+0000”, header_field1: “If you can read this you understand the example.” }