Update grok patterns to use HOSTNAME in stead of HOST

whyscream · whyscream · commit 883d474f734f · 2015-11-03T20:22:22.000+01:00
Pre v2.0.0 logstash included both `HOST` and `HOSTNAME` patterns in baseline, where `HOST` was actually just an alias for `HOSTNAME`. In v2.0.0 the `HOST` alias was dropped, so we need to use `HOSTNAME` now. Thanks to https://github.com/moebiuseye for mentioning in #70
diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,3 @@
-[submodule "test/logstash"]
-	path = test/logstash
-	url = https://github.com/elasticsearch/logstash.git
+[submodule "test/logstash-patterns-core"]
+	path = test/logstash-patterns-core
+	url = https://github.com/logstash-plugins/logstash-patterns-core.git
diff --git a/postfix.grok b/postfix.grok
@@ -1,7 +1,7 @@
 # common postfix patterns
 POSTFIX_QUEUEID ([0-9A-F]{6,}|[0-9a-zA-Z]{15,}|NOQUEUE)
-POSTFIX_CLIENT_INFO %{HOST:postfix_client_hostname}?\[%{IP:postfix_client_ip}\](:%{INT:postfix_client_port})?
-POSTFIX_RELAY_INFO %{HOST:postfix_relay_hostname}?\[(%{IP:postfix_relay_ip}|%{DATA:postfix_relay_service})\](:%{INT:postfix_relay_port})?|%{WORD:postfix_relay_service}
+POSTFIX_CLIENT_INFO %{HOSTNAME:postfix_client_hostname}?\[%{IP:postfix_client_ip}\](:%{INT:postfix_client_port})?
+POSTFIX_RELAY_INFO %{HOSTNAME:postfix_relay_hostname}?\[(%{IP:postfix_relay_ip}|%{DATA:postfix_relay_service})\](:%{INT:postfix_relay_port})?|%{WORD:postfix_relay_service}
 POSTFIX_SMTP_STAGE (CONNECT|HELO|EHLO|STARTTLS|AUTH|MAIL|RCPT( TO)?|(end of )?DATA|RSET|UNKNOWN|END-OF-MESSAGE|VRFY|\.)
 POSTFIX_ACTION (reject|defer|accept|header-redirect)
 POSTFIX_STATUS_CODE \d{3}
@@ -50,7 +50,7 @@ POSTFIX_PS_CACHE cache %{DATA} full cleanup: retained=%{NUMBER:postfix_postscree
 POSTFIX_PS_VIOLATIONS %{POSTFIX_PS_VIOLATION:postfix_postscreen_violation}( %{INT})?( after %{NUMBER:postfix_postscreen_violation_time})? from %{POSTFIX_CLIENT_INFO}( after %{POSTFIX_SMTP_STAGE:postfix_smtp_stage})?
 
 # dnsblog patterns
-POSTFIX_DNSBLOG_LISTING addr %{IP:postfix_client_ip} listed by domain %{HOST:postfix_dnsbl_domain} as %{IP:postfix_dnsbl_result}
+POSTFIX_DNSBLOG_LISTING addr %{IP:postfix_client_ip} listed by domain %{HOSTNAME:postfix_dnsbl_domain} as %{IP:postfix_dnsbl_result}
 
 # tlsproxy patterns
 POSTFIX_TLSPROXY_CONN (DIS)?CONNECT( from)? %{POSTFIX_CLIENT_INFO}
diff --git a/test/logstash b/test/logstash
diff --git a/test/logstash-patterns-core b/test/logstash-patterns-core
@@ -0,0 +1 @@
+Subproject commit 53bb945f521afbe255f7372dbf4b2ad500e63aff
diff --git a/test/test.rb b/test/test.rb
@@ -15,7 +15,7 @@
 class TestGrokPatterns < MiniTest::Unit::TestCase
 
     @@test_dir = File.dirname(__FILE__)
-    @@upstream_pattern_dir = @@test_dir + '/logstash/patterns'
+    @@upstream_pattern_dir = @@test_dir + '/logstash-patterns-core/patterns'
     @@local_pattern_dir = File.dirname(File.expand_path(@@test_dir))
 
     # Prepare a grok object.
