From 5aa6579a69e2c97f7135a4463f47de94d2f3afa8 Mon Sep 17 00:00:00 2001 From: Busindre Date: Wed, 4 Oct 2023 17:23:09 +0200 Subject: [PATCH 1/4] Update postfix.grok (skipped, still being delivered) Pattern for the following logs added, ```Sep 19 11:38:52 XXX-stg postfix/qmgr[125238]: ED06590130AA1C9D6D862: skipped, still being delivered``` --- postfix.grok | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/postfix.grok b/postfix.grok index b74a35d..f0d3b90 100644 --- a/postfix.grok +++ b/postfix.grok @@ -51,6 +51,7 @@ POSTFIX_CLEANUP_PREPEND %{POSTFIX_QUEUEID:postfix_queueid}: prepend: %{POSTFIX_C POSTFIX_CLEANUP_MESSAGEID %{POSTFIX_QUEUEID:postfix_queueid}: message-id=? # qmgr patterns +POSTFIX_QMGR_SKIPPED %{POSTFIX_QUEUEID:postfix_queueid}: skipped, still being delivered POSTFIX_QMGR_REMOVED %{POSTFIX_QUEUEID:postfix_queueid}: removed POSTFIX_QMGR_ACTIVE %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_KEYVALUE_DATA:postfix_keyvalue_data} \(queue active\) POSTFIX_QMGR_EXPIRED %{POSTFIX_QUEUEID:postfix_queueid}: from=<%{DATA:postfix_from}>, status=%{STATUS_WORD:postfix_status}, returned to sender 
@@ -116,7 +117,7 @@ POSTFIX_SCACHE_TIMESTAMP statistics: start interval %{SYSLOGTIMESTAMP:postfix_sc # aggregate all patterns POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_KEYVALUE} POSTFIX_CLEANUP %{POSTFIX_CLEANUP_MESSAGEID}|%{POSTFIX_CLEANUP_MILTER}|%{POSTFIX_CLEANUP_PREPEND}|%{POSTFIX_WARNING}|%{POSTFIX_KEYVALUE} -POSTFIX_QMGR %{POSTFIX_QMGR_REMOVED}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING} +POSTFIX_QMGR %{POSTFIX_QMGR_REMOVED}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING}|%{POSTFIX_QMGR_SKIPPED} POSTFIX_PIPE %{POSTFIX_PIPE_ANY} POSTFIX_POSTSCREEN %{POSTFIX_PS_CONNECT}|%{POSTFIX_PS_ACCESS}|%{POSTFIX_PS_NOQUEUE}|%{POSTFIX_PS_TOOBUSY}|%{POSTFIX_PS_CACHE}|%{POSTFIX_PS_DNSBL}|%{POSTFIX_PS_VIOLATIONS}|%{POSTFIX_WARNING} POSTFIX_DNSBLOG %{POSTFIX_DNSBLOG_LISTING}|%{POSTFIX_WARNING} From b1ca81bb16538e860502b95626965b36fc569431 Mon Sep 17 00:00:00 2001 From: Tom Hendrikx Date: Wed, 11 Oct 2023 16:48:52 +0200 Subject: [PATCH 2/4] Add test for qmgr 'skipped, still being delivered' message --- test/qmgr_0006.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 test/qmgr_0006.yaml diff --git a/test/qmgr_0006.yaml b/test/qmgr_0006.yaml new file mode 100644 index 0000000..36250ea --- /dev/null +++ b/test/qmgr_0006.yaml @@ -0,0 +1,4 @@ +pattern: ^%{POSTFIX_QMGR}$ +data: "ED06590130AA1C9D6D862: skipped, still being delivered" +results: + postfix_queueid: ED06590130AA1C9D6D862 From 3a2aa6c8f6149164df0ffb50a5ee0f20efe84ca4 Mon Sep 17 00:00:00 2001 From: Tom Hendrikx Date: Wed, 11 Oct 2023 17:25:08 +0200 Subject: [PATCH 3/4] Improve result data from qmgr log lines --- postfix.grok | 6 +++--- test/qmgr_0001.yaml | 1 + test/qmgr_0006.yaml | 1 + 3 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/postfix.grok b/postfix.grok index f0d3b90..3157096 100644 --- a/postfix.grok +++ b/postfix.grok @@ -51,8 +51,8 @@ POSTFIX_CLEANUP_PREPEND %{POSTFIX_QUEUEID:postfix_queueid}: prepend: %{POSTFIX_C POSTFIX_CLEANUP_MESSAGEID %{POSTFIX_QUEUEID:postfix_queueid}: message-id=? # qmgr patterns -POSTFIX_QMGR_SKIPPED %{POSTFIX_QUEUEID:postfix_queueid}: skipped, still being delivered -POSTFIX_QMGR_REMOVED %{POSTFIX_QUEUEID:postfix_queueid}: removed +POSTFIX_QMGR_MESSAGE (removed|skipped, still being delivered) +POSTFIX_QMGR_INFO %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_QMGR_MESSAGE:postfix_message} POSTFIX_QMGR_ACTIVE %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_KEYVALUE_DATA:postfix_keyvalue_data} \(queue active\) POSTFIX_QMGR_EXPIRED %{POSTFIX_QUEUEID:postfix_queueid}: from=<%{DATA:postfix_from}>, status=%{STATUS_WORD:postfix_status}, returned to sender @@ -117,7 +117,7 @@ POSTFIX_SCACHE_TIMESTAMP statistics: start interval %{SYSLOGTIMESTAMP:postfix_sc # aggregate all patterns POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_KEYVALUE} POSTFIX_CLEANUP %{POSTFIX_CLEANUP_MESSAGEID}|%{POSTFIX_CLEANUP_MILTER}|%{POSTFIX_CLEANUP_PREPEND}|%{POSTFIX_WARNING}|%{POSTFIX_KEYVALUE} -POSTFIX_QMGR %{POSTFIX_QMGR_REMOVED}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING}|%{POSTFIX_QMGR_SKIPPED} +POSTFIX_QMGR %{POSTFIX_QMGR_INFO}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING} POSTFIX_PIPE %{POSTFIX_PIPE_ANY} POSTFIX_POSTSCREEN %{POSTFIX_PS_CONNECT}|%{POSTFIX_PS_ACCESS}|%{POSTFIX_PS_NOQUEUE}|%{POSTFIX_PS_TOOBUSY}|%{POSTFIX_PS_CACHE}|%{POSTFIX_PS_DNSBL}|%{POSTFIX_PS_VIOLATIONS}|%{POSTFIX_WARNING} POSTFIX_DNSBLOG %{POSTFIX_DNSBLOG_LISTING}|%{POSTFIX_WARNING} diff --git a/test/qmgr_0001.yaml b/test/qmgr_0001.yaml index 64f9dc0..34271cd 100644 --- a/test/qmgr_0001.yaml 
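Review bot: Deleting `POSTFIX_QMGR_REMOVED` (and the just-added `POSTFIX_QMGR_SKIPPED`) in the `# qmgr patterns` hunk changes the pattern names this file exposes, so any grok expression outside this repository that references `%{POSTFIX_QMGR_REMOVED}` directly would stop compiling and that pipeline would no longer parse qmgr lines; whether such consumers exist cannot be told from this diff. If compatibility matters, keep the old name as a deprecated definition, e.g. `POSTFIX_QMGR_REMOVED %{POSTFIX_QUEUEID:postfix_queueid}: removed`, or call out the rename in the release notes; the aggregate `POSTFIX_QMGR` line in the second hunk can still reference only `%{POSTFIX_QMGR_INFO}`. Separately, `POSTFIX_QMGR_MESSAGE` could use a non-capturing group, `(?:removed|skipped, still being delivered)`, so the alternation does not emit an extra unnamed capture for users who disable `named_captures_only`.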
+++ b/test/qmgr_0001.yaml @@ -2,3 +2,4 @@ pattern: ^%{POSTFIX_QMGR}$ data: "0F5383D: removed" results: postfix_queueid: 0F5383D + postfix_message: removed diff --git a/test/qmgr_0006.yaml b/test/qmgr_0006.yaml index 36250ea..551f97b 100644 --- a/test/qmgr_0006.yaml +++ b/test/qmgr_0006.yaml @@ -2,3 +2,4 @@ pattern: ^%{POSTFIX_QMGR}$ data: "ED06590130AA1C9D6D862: skipped, still being delivered" results: postfix_queueid: ED06590130AA1C9D6D862 + postfix_message: skipped, still being delivered From c950ab73432e09db9ab71e11655f511f32a9c90b Mon Sep 17 00:00:00 2001 From: Tom Hendrikx Date: Wed, 11 Oct 2023 17:27:06 +0200 Subject: [PATCH 4/4] Update test routine Minitest no longer uses the `MiniTest` with capital `T` since forever --- .github/workflows/run_tests.yml | 4 ++-- test/test.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index db028b5..f178628 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -1,6 +1,6 @@ on: [push] jobs: - build: + test: runs-on: ubuntu-latest steps: @@ -9,6 +9,6 @@ jobs: submodules: true - uses: ruby/setup-ruby@v1 with: - ruby-version: 3.1 + ruby-version: 3.2 - run: gem install jls-grok minitest - run: ruby test/test.rb diff --git a/test/test.rb b/test/test.rb index c807aca..0cf9bd9 100644 --- a/test/test.rb +++ b/test/test.rb @@ -12,7 +12,7 @@ # It creates test cases from all yaml files in the current # directory. -class TestGrokPatterns < MiniTest::Test +class TestGrokPatterns < Minitest::Test @@test_dir = File.dirname(__FILE__) @@upstream_pattern_dir = @@test_dir + '/logstash-patterns-core/patterns/ecs-v1/'