SMTP Logs not parsing correctly

First: looking at the “success”. It seems you stumbled on a bug in nxlog, as the manual has the same construct you had. And the manual also says:

drop();

description
    Drop the currently processed event's log and don't execute further statements.

That is, if the commented line gets dropped, it really should not execute the remaining statements (such as the w3c->parse_csv();).

Even the following way should work, according to the quoted part of the manual:

Exec if $raw_event =~ /^#/ drop();
Exec w3c->parse_csv();
Exec $EventTime = parsedate($date + " " + $time);
Exec $SourceName = "SMTP";

Second: The error message differs from the other ones. It shows that there was a broken line in the file. Was there a live server writing the log file while nxlog was reading it? If you cannot find the broken line from the log file on the disk, the reason might be a result of buffering of the log writing in the SMTP application, where the buffer that contained the remaining part of the log line was not flushed to the disk when nxlog read the log. Studying this would require studying the behaviour of the actual application you are logging. And possibly a support engineer for the application you are logging.

2 Likes
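The two behaviours discussed in the reply above (comment lines skipped before CSV parsing, and a half-written last line held back until the writer flushes the rest), as an added Python example that is not part of the thread and is not nxlog code. The function name `parse_w3c`, the field names and the sample log lines are constructed for illustration.

```python
from datetime import datetime

# Constructed sample: a W3C-style log whose last line is only partly flushed.
SAMPLE = (
    "#Software: Example SMTP Service\n"
    "#Fields: date time c-ip cs-method sc-status\n"
    "2024-01-05 10:00:01 192.0.2.10 EHLO 250\n"
    "2024-01-05 10:00:02 192.0.2.10 MAIL 250\n"
    "#Date: 2024-01-05 10:00:03\n"
    "2024-01-05 10:00:03 192.0.2.11 RC"  # no newline yet: writer still buffering
)

def parse_w3c(chunk, fields=None):
    """Parse one chunk read from a live log file.

    Returns (events, rejects, remainder, fields). `remainder` is the text
    after the last newline; prepend it to the next chunk instead of parsing it.
    """
    events, rejects = [], []
    lines = chunk.split("\n")
    remainder = lines.pop()  # "" when the chunk ended on a complete line
    for line in lines:
        line = line.rstrip("\r")
        if not line:
            continue
        if line.startswith("#"):
            # Directive/comment line: remember the column names, then stop
            # processing this line (the effect drop() is documented to have).
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if fields is None or len(values) != len(fields):
            rejects.append(line)  # complete line, wrong column count: keep for review
            continue
        event = dict(zip(fields, values))
        if "date" in event and "time" in event:
            event["EventTime"] = datetime.strptime(
                event["date"] + " " + event["time"], "%Y-%m-%d %H:%M:%S")
        event["SourceName"] = "SMTP"
        events.append(event)
    return events, rejects, remainder, fields

if __name__ == "__main__":
    events, rejects, rest, fields = parse_w3c(SAMPLE)
    print(len(events), "events,", len(rejects), "rejects, held back:", repr(rest))
    more, _, rest, _ = parse_w3c(rest + "PT 250\n", fields)  # writer flushed the rest
    print(more[0]["cs-method"], more[0]["EventTime"])
```

Lines that end up in `rejects` are complete but malformed, which separates a genuinely broken record on disk from one that was merely read before the writer finished it.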

Thanks @jtkarvo that’s a great reply and really useful, even if only to understand what is happening.

I am wondering now if it is worth continuing to try and do it this way and that perhaps there is a different way to achieve my aim. Any thoughts?

Also, in reply to your point about what is creating the logs, it's the DBMail SMTP service.

hi,

I’m sorry I cannot help with dbmail - I have not used it, and do not know how to configure logging with it. If you can manage to send the logs to Windows events in Windows or syslog in Linux/unix, the rest would be easy. But I know there are many applications that do not support such logging and perhaps this is one of them.