ultimatt1: no - I don't think so. It's fine if you intended it to be like that, but if you're ever going to put the results into a custom Web UI instead of via Kibana; putting all the results into the root object isn't going to work that well as the front-end then requires knowledge of each plugin to be able to display anything.
DragonPunch joined the channel
ultimatt1
"if you're ever going to put the results into a custom Web UI" <--- yes, I certainly will
_smf_
Then aren't you making it difficult on yourself?
ultimatt1
I can't see how, as I won't be presenting the data willy nilly, but in some carefully constructed format
I haven't done it yet, so I'm obviously ignorant here
_smf_
If you have a 'plugin_results' container object e.g. { plugin_results: { p0f: { pass: ... fail: .... skip ...}, dnsbl: { pass: .... fail: .... skip: ....} } ....
ultimatt1
right...
_smf_
You can then simply do a 'walk' of the keys and display it nicely in a web interface.
As the results all have a standard format.
ultimatt1
why can't I already do that?
_smf_
You can then add extra bits for some of the plugins if you need.
Becuase you've put the plugin results in the root.
ultimatt1
I can easily detect objects with "result_store" data in them
_smf_
So you can't 'just' walk the keys.
Yeah - but that's a bit crap though isn't it?
ultimatt1
uhhh, if you say so...
_smf_
You're going to have to decend into each key and then check if it's the correct type.
If you put it in a results object; you don't have to do that. You save yourself a bit of code and the actual returned JSON looks a bit tidier IMO.
ultimatt1
Is there a way to change how fields are presented in Kibana?
_smf_
I've no idea; I don't use Kibana
I rolled my own UI as Kibana's authentication was totally useless for anything that is exposed on the internet.
ultimatt1
true that
but for admins
_smf_
(unless you pay $$$ for the module that deals with permissions)
ultimatt1
it's fantastic
_smf_
Yeah - that was no good for what I was writing.
I needed that functionality without having to expose ES to the internet.
ultimatt1
I need subsets of those features w/o ES exposure
but I'll have extra meta data in the results that will be used to filter user "scope"
and constrain what each user is able to see
_smf_
As Kibana 3 required direct access to ES via TCP; and that was puke to do. No idea if that has changed.
Yeah - I've already dealt with that in my web app.
ultimatt1
Dunno, I'm using Kibana 4, which is a node.js app
it does require access to ES though
Kibana will never be exposed to the internet in our use
EyePulp joined the channel
lnb has quit
I think the general use case of log.elasticsearch should be targeted at kibana users
_smf_
Ok
ultimatt1
and in that case, not having plugin data in an object is a win
but, we could certainly have an option that shoves PI results into a 'plugin' container
for use cases where that helps (such as: I'm building my own web app)
that's something I might add a few months down the road. I don't want/need it for my personal Haraka server, but I might just decide you're right when I get around to consuming that data in the $work web app
_smf_
Ok - np; it's was just a comment as it's something I ran into that I thought might help. No biggie.
ultimatt1
If you hadn't mentioned, it, I'd just have done a bunch of "typeof ..." checks. By mentioning this, I'll give it a 2nd thought in the future. :)
howitdo joined the channel
Currerius joined the channel
DragonPunch
Mail From: and Mail To: do they take multiple inputs? Or just one input?
Mail From & Rcpt To, sorry.
ultimatt1
MAIL FROM is singular
RCPT TO is multiple
more specifically, RCPT TO is 1+
lnb joined the channel
DragonPunch
ultimatt1: In the headers from "To" would they then show up as singular or plural?
DragonPunch: you're confusing headers with the message envelope.
The SMTP MAIL FROM:<foo@bar.com> sets the envelope-from and RCPT TO:<bar@foo.com> adds envelope-to
The envelope data is what is used for routing.
Just like with snail mail
cek
kibana doesn't support objects in arrays
_smf_
However inside the message the Headers like To: From: Cc: Bcc: are totally informational and not used at all for routing etc. They are displayed only by the MUA.
The MAIL FROM: and To: addresses can be totally different.
DragonPunch
Ah, okay.
_smf_
It's a common misunderstanding with email
cek
the might not even exist
*they
ultimatt1
informational only when DMARC is not in the picture. :) Then, the From: header domain must be aligned with either SPF or a DKIM signature
DragonPunch
It's just really easy to get confused. Especially when I step back and ask myself from a scientific perspective "Why?" is this happening. Like, "Why does the squirrel eat the acorn from the tree". Sometimes, it's just best not to ask "Why?".
ultimatt1
only if you like "magic"
DragonPunch
Hmmm, I always wanted to be a wizard like Gandalf. Hehehe.
lnb
hmm
client company tries to send me mail. they use google and its bouncing back '550 HELO protocol mismatch'