Yadda ake aiki tare da rajistan ayyukan Zimbra OSE

Logging every event is one of the essential functions of any enterprise system. Logs let you troubleshoot problems as they appear, audit the operation of information systems, and investigate information security incidents. Zimbra OSE also keeps a detailed record of its operation, covering everything from the server's own work to the sending and receiving of email by users. Reading the logs that Zimbra OSE produces, however, is no small task. In this article, using a concrete example, we explain how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE keeps all of its local logs in the /opt/zimbra/log directory; the entries it sends through syslog also land in the /var/log/zimbra.log file. The most important of these is mailbox.log. It records every operation on the mailbox server: email transmission, user authentication, failed login attempts, and so on. An entry in mailbox.log is a line of text containing the event timestamp, the event level, the number of the thread in which the event occurred, the user name and IP address, and a textual description of the event.


The log level reflects how strongly an event affects server operation. By default four event levels are used: INFO, WARN, ERROR and FATAL. Let's look at them in increasing order of severity.

  • INFO - events at this level are generally meant to report on the progress of Zimbra OSE's normal work. Messages at this level include reports about the creation or deletion of a mailbox, and the like.
  • WARN - events at this level report potentially dangerous situations that do not, however, affect server operation. For example, a message about a failed user login attempt is logged at WARN level.
  • ERROR - this level reports an error that is local in nature and does not interfere with the server's operation. It may, however, denote an error in which a user's data was corrupted.
  • FATAL - this level denotes errors after which the server cannot continue to operate normally. For example, a record reporting that the DBMS cannot be reached is logged at FATAL level.

The mailbox server log file is rotated daily. The current file is always named mailbox.log, while the logs for a particular date carry that date in their name and are archived, for example mailbox.log.2020-09-29.tar.gz. This makes the logs easier to store and to search.

For the administrator's convenience, the /opt/zimbra/log/ directory contains a number of other logs. Each holds only the entries related to a specific Zimbra OSE component. For example, audit.log contains only user authentication records, clamd.log holds the antivirus records, and so on. Incidentally, a good way to protect a Zimbra OSE server against intruders is to guard it with Fail2Ban, which works purely off audit.log. It is also good practice to add a cron job that runs grep -ir "invalid password" /opt/zimbra/log/audit.log to receive a daily digest of failed logins. Two caveats: audit.log rotates like mailbox.log, so a daily job should also read the previous day's archived copy; and "invalid password" is only one failure reason, so attempts against accounts that do not exist (the typical password-spraying pattern) are logged with a different reason text and are caught only by a broader pattern such as "authentication failed".
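As an added example (not from the original article and not part of Zimbra), here is a small POSIX shell helper that goes one step beyond the daily grep: it summarises failed Auth commands in audit.log per client address, so one noisy source stands out, and it flags a successful login that follows a run of failures from the same address. The log lines, account names and addresses are constructed for the example; they follow the audit.log layout "security - cmd=Auth; account=<acct>; protocol=soap; error=authentication failed for [<acct>], <reason>;" with the client address in the oip= field, and a successful Auth has the same shape without the error= field. The file names are placeholders.

```shell
#!/bin/sh
# Added example: per-address summary of failed Zimbra authentications.
# Not Zimbra's code. Sample log lines below are constructed.

SAMPLE_AUDIT=$(cat <<'EOF'
2020-09-29 09:14:02,518 INFO  [qtp1450821318-115:https://mail.company.ru:443/service/soap/AuthRequest] [oip=192.0.2.15;ua=zclient/8.8.15_GA_3829;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap; error=authentication failed for [ivanov@company.ru], invalid password;
2020-09-29 09:14:09,004 INFO  [qtp1450821318-115:https://mail.company.ru:443/service/soap/AuthRequest] [oip=192.0.2.15;ua=zclient/8.8.15_GA_3829;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap; error=authentication failed for [ivanov@company.ru], invalid password;
2020-09-29 09:14:20,771 INFO  [qtp1450821318-118:https://mail.company.ru:443/service/soap/AuthRequest] [name=ivanov@company.ru;oip=192.0.2.15;ua=zclient/8.8.15_GA_3829;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap;
2020-09-29 09:30:01,130 INFO  [qtp1450821318-121:https://mail.company.ru:443/service/soap/AuthRequest] [oip=203.0.113.7;ua=curl/7.68.0;] security - cmd=Auth; account=petrov@company.ru; protocol=soap; error=authentication failed for [petrov@company.ru], invalid password;
2020-09-29 09:30:02,415 INFO  [qtp1450821318-121:https://mail.company.ru:443/service/soap/AuthRequest] [oip=203.0.113.7;ua=curl/7.68.0;] security - cmd=Auth; account=sidorov@company.ru; protocol=soap; error=authentication failed for [sidorov@company.ru], invalid password;
2020-09-29 09:30:03,702 INFO  [qtp1450821318-121:https://mail.company.ru:443/service/soap/AuthRequest] [oip=203.0.113.7;ua=curl/7.68.0;] security - cmd=Auth; account=nosuch@company.ru; protocol=soap; error=authentication failed for [nosuch@company.ru], account not found;
2020-09-29 09:30:04,988 INFO  [qtp1450821318-121:https://mail.company.ru:443/service/soap/AuthRequest] [oip=203.0.113.7;ua=curl/7.68.0;] security - cmd=Auth; account=admin@company.ru; protocol=soap; error=authentication failed for [admin@company.ru], invalid password;
EOF
)

# failed_auth_by_ip FILE THRESHOLD
# Prints "<ip> <failures> <distinct accounts>" for every client address with
# at least THRESHOLD failed Auth commands, most failures first. Many distinct
# accounts from one address is the password-spraying signature.
failed_auth_by_ip() {
    awk -v thr="$2" '
        /security - cmd=Auth;/ && /error=authentication failed/ {
            ip = "unknown"; acct = "unknown"
            if (match($0, /oip=[^;]*/))     ip   = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /account=[^;]*/)) acct = substr($0, RSTART + 8, RLENGTH - 8)
            fails[ip]++
            if (!((ip SUBSEP acct) in seen)) { seen[ip SUBSEP acct] = 1; accts[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] + 0 >= thr + 0) print ip, fails[ip], accts[ip]
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# auth_success_after_failures FILE N
# Prints "<ip> <account>" whenever a successful Auth from an address comes
# right after N or more consecutive failures from that same address.
auth_success_after_failures() {
    awk -v n="$2" '
        !/security - cmd=Auth;/ { next }
        {
            ip = "unknown"; acct = "unknown"
            if (match($0, /oip=[^;]*/))     ip   = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /account=[^;]*/)) acct = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /error=authentication failed/ { fails[ip]++; next }
        {
            if (fails[ip] + 0 >= n + 0) print ip, acct
            fails[ip] = 0
        }
    ' "$1"
}

# Demo on the constructed sample (run the file with --demo).
audit_demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_AUDIT" > "$tmp"
    echo "== addresses with 3+ failed logins (ip failures accounts)"
    failed_auth_by_ip "$tmp" 3
    echo "== successful login after 2+ failures from the same address"
    auth_success_after_failures "$tmp" 2
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then audit_demo; fi
```

In production, point both functions at /opt/zimbra/log/audit.log (and at the rotated copy for the previous day) from the same cron job that runs the grep; the threshold is a parameter because a legitimate client with a stale saved password produces a steady trickle of failures for a single account, whereas a spray shows many accounts from one address.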

An example of how audit.log shows a password entered incorrectly twice, followed by a successful login attempt.

Zimbra OSE logs can be very useful for finding the causes of various failures. When a critical failure occurs, the administrator usually has no time to read logs: the server has to be brought back as quickly as possible. Later, when the server is up again and producing a mass of new entries, it can be hard to find the entry you need in the large file. To locate the error record quickly, it is enough to know when the server was restarted and find the entries in the log from that moment; the entry just before them will be the record of the error that occurred. You can also find the error message by searching for the word FATAL.

Zimbra OSE logs also let you track down non-critical failures. For example, to find SOAP handler errors, search for the phrase handler exception. Errors raised by handlers are usually accompanied by a stack trace that explains what caused the exception. For mail delivery errors, start your search with the keyword LmtpServer; to look for errors related to the POP or IMAP protocols, use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Consider a concrete example. On September 20, one of the employees sent an infected email to a customer. As a result, the data on the customer's computer was encrypted. The employee, however, swore that he had sent nothing. As part of the incident investigation, the company's security service asked the system administrator for the mail server logs for September 20 relating to the user under investigation. Thanks to the timestamps, the administrator located the required log file, extracted the relevant records and passed them to the security specialists. They, in turn, examined the records and found that the IP address from which the email was sent matched the IP address of the user's computer. CCTV footage confirmed that the employee was at his workstation when the email was sent. This was enough evidence to charge him with breaching the information security policy and to dismiss him.

An example of extracting the records about one of the accounts from mailbox.log into a separate file.
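The extraction step from the story above, as an added POSIX shell example (not the article's own commands and not part of Zimbra): collect every mailbox.log line for one account on one day from the current file and from any rotated copy for that day, deduplicate the overlap, and write the result to a separate file in time order. The log directory, account and date are parameters; the sample lines, hostnames and Message-ID are constructed, and the rotated-file naming (mailbox.log.YYYY-MM-DD, optionally .gz or .tar.gz) follows the article's example name.

```shell
#!/bin/sh
# Added example: extract one account's mailbox.log entries for one day.
# Not Zimbra's code. Sample log lines below are constructed.

SAMPLE_ROTATED=$(cat <<'EOF'
2020-09-20 14:02:11,327 INFO  [qtp1450821318-97:https://mail.company.ru:443/service/soap/SendMsgRequest] [name=ivanov@company.ru;mid=42;ip=192.0.2.15;ua=zclient/8.8.15_GA_3829;] smtp - Sending message to MTA at mta01.company.ru:25
2020-09-20 14:02:11,402 INFO  [qtp1450821318-97:https://mail.company.ru:443/service/soap/SendMsgRequest] [name=ivanov@company.ru;mid=42;ip=192.0.2.15;ua=zclient/8.8.15_GA_3829;] mailop - SendMsg Message-ID=<5f6740f3.1c69fb81@company.ru>
2020-09-20 14:05:40,015 INFO  [ImapServer-3] [name=petrov@company.ru;ip=192.0.2.33;] imap - LOGIN
EOF
)

SAMPLE_LIVE=$(cat <<'EOF'
2020-09-20 14:02:11,402 INFO  [qtp1450821318-97:https://mail.company.ru:443/service/soap/SendMsgRequest] [name=ivanov@company.ru;mid=42;ip=192.0.2.15;ua=zclient/8.8.15_GA_3829;] mailop - SendMsg Message-ID=<5f6740f3.1c69fb81@company.ru>
2020-09-21 08:00:01,100 INFO  [ImapServer-5] [name=ivanov@company.ru;ip=192.0.2.15;] imap - LOGIN
EOF
)

# extract_account_day LOGDIR ACCOUNT DATE OUTFILE
# Reads the live mailbox.log plus every mailbox.log.DATE* file (plain, .gz
# or .tar.gz), keeps the lines stamped with DATE that carry "name=ACCOUNT;",
# writes them deduplicated and in time order to OUTFILE, and prints the count.
extract_account_day() {
    dir=$1; acct=$2; day=$3; out=$4
    for f in "$dir"/mailbox.log "$dir"/mailbox.log."$day"*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.tar.gz) tar -xOzf "$f" ;;   # archive as in the article's example name
            *.gz)     gzip -dc "$f" ;;
            *)        cat "$f" ;;
        esac
    done | grep -F "$day " | grep -F "name=$acct;" | sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# Demo: lay out a throwaway log directory from the samples and extract.
extract_demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_ROTATED" > "$d/mailbox.log.2020-09-20"
    printf '%s\n' "$SAMPLE_LIVE"    > "$d/mailbox.log"
    extract_account_day "$d" ivanov@company.ru 2020-09-20 "$d/ivanov-2020-09-20.log"
    cat "$d/ivanov-2020-09-20.log"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then extract_demo; fi
```

Two limitations worth knowing before handing such a file to an investigator: continuation lines of a stack trace do not start with the date and are dropped by the date filter, and not every entry carries the name= field (delivery-side records identify the recipient differently), so when the extract looks thin, grep for the bare address as well and hand over both files.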

Everything becomes more complicated with a multi-server infrastructure. Since logs are collected locally, working with them across several servers is very inconvenient, hence the need to centralize log collection. This is done by designating a host that gathers the logs. There is no particular need to add a dedicated server to the infrastructure: any mail server can act as the log collection node. In our case this will be the Mailstore01 node.

On this server, enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the file /etc/sysconfig/rsyslog and set SYSLOGD_OPTIONS="-r -c 2". (This step only applies to older rsyslog releases that run in sysklogd compatibility mode; on rsyslog 7 and later these options are obsolete and the configuration-file directives below are what enable reception.)

Edit /etc/rsyslog.conf and uncomment the following two lines, which make rsyslog accept syslog messages on UDP port 514 (on rsyslog 7 and later the equivalent is module(load="imudp") followed by input(type="imudp" port="514")). Syslog over UDP is neither authenticated nor encrypted, so restrict inbound 514/udp on the collector to the addresses of the Zimbra nodes in the host firewall:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything works with the command zmprov gacf | grep zimbraLogHostname (zmprov gacf zimbraLogHostname prints just that attribute). After running it, the name of the host that collects the logs should be displayed. To change it, enter zmprov mcf zimbraLogHostname mailstore01.company.ru. zimbraLogHostname is a global configuration attribute stored in LDAP, so it needs to be set only once; the other nodes pick it up when zmsyslogsetup (below) rewrites their rsyslog configuration.

On all other servers of the infrastructure (LDAP, MTA and the other mail stores), run zmprov gacf | grep zimbraLogHostname to confirm the name of the host the logs are sent to. To change it, you can enter zmprov mcf zimbraLogHostname mailstore01.company.ru

You must also enter the following commands on each of those servers:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After that, all logs are recorded on the server you designated, where they can be viewed conveniently. Also, in the Zimbra OSE administrator console, on the screen with server status information, the running Logger service will be shown only for the mailstore01 server.


Another headache for the administrator can be tracing a specific email. Because an email in Zimbra OSE passes through several components in turn (antivirus and antispam checks, and so on) before it is received or sent, when an email does not arrive it can be hard for the administrator to find out at which stage it was lost.

To solve this problem you can use a special script developed by Viktor Dukhovny, an information security specialist, and recommended by the Postfix developers. The script groups the log entries belonging to one transaction and thus lets you display all entries related to the sending of a particular message, based on its identifier. It has been tested on all Zimbra OSE versions starting from 8.7. Here is the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

# Matches the line prefix up to and including the '/' that precedes the
# daemon name, capturing the Postfix instance name ("postfix" or
# "postfix-<name>" for multi-instance setups).
my $instre = qr{(?x)
    \A                      # Absolute line start
    (?:\S+ \s+){3}          # Timestamp, adjust for other time formats
    \S+ \s+                 # Hostname
    (postfix(?:-[^/\s]+)?)  # Capture instance name stopping before first '/'
    (?:/\S+)*               # Optional non-captured '/'-delimited qualifiers
    /                       # Final '/' before the daemon program name
    };

# Matches "daemon[pid]: " right after $instre, capturing daemon and pid.
my $cmdpidre = qr{(?x)
    \G                      # Continue from previous match
    (\S+)\[(\d+)\]:\s+      # command[pid]:
    };

my %smtpd;          # per-smtpd-pid: accumulated log and current queue id
my %smtp;           # per-smtp/lmtp-pid: lines logged before "to=" is known
my %transaction;    # queue id -> accumulated log of that transaction
my $i = 0;
my %seqno;          # queue id -> order in which the transaction was first seen

my %isagent = map { ($_, 1) } @agents;

while (<>) {
    next unless m{$instre}ogc; my $inst = $1;
    next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

    if ($command eq "smtpd") {
        if (m{\Gconnect from }gc) {
            # Start new log
            $smtpd{$pid}->{"log"} = $_; next;
        }

        $smtpd{$pid}->{"log"} .= $_;

        if (m{\G(\w+): client=}gc) {
            # Fresh transaction
            my $qid = "$inst/$1";
            $smtpd{$pid}->{"qid"} = $qid;
            $transaction{$qid} = $smtpd{$pid}->{"log"};
            $seqno{$qid} = ++$i;
            next;
        }

        my $qid = $smtpd{$pid}->{"qid"};
        $transaction{$qid} .= $_
            if (defined($qid) && exists $transaction{$qid});
        delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
        next;
    }

    if ($command eq "pickup") {
        if (m{\G(\w+): uid=}gc) {
            my $qid = "$inst/$1";
            $transaction{$qid} = $_;
            $seqno{$qid} = ++$i;
        }
        next;
    }

    # bounce(8) logs transaction start after cleanup(8) already logged
    # the message-id, so the cleanup log entry may be first
    #
    if ($command eq "cleanup") {
        next unless (m{\G(\w+): }gc);
        my $qid = "$inst/$1";
        $transaction{$qid} .= $_;
        $seqno{$qid} = ++$i if (! exists $seqno{$qid});
        next;
    }

    if ($command eq "qmgr") {
        next unless (m{\G(\w+): }gc);
        my $qid = "$inst/$1";
        if (defined($transaction{$qid})) {
            $transaction{$qid} .= $_;
            if (m{\Gremoved$}gc) {
                # "removed" ends the transaction: print it as one block
                print delete $transaction{$qid}, "\n";
            }
        }
        next;
    }

    # Save pre-delivery messages for smtp(8) and lmtp(8)
    #
    if ($command eq "smtp" || $command eq "lmtp") {
        $smtp{$pid} .= $_;

        if (m{\G(\w+): to=}gc) {
            my $qid = "$inst/$1";
            if (defined($transaction{$qid})) {
                $transaction{$qid} .= $smtp{$pid};
            }
            delete $smtp{$pid};
        }
        next;
    }

    if ($command eq "bounce") {
        if (m{\G(\w+): .*? notification: (\w+)$}gc) {
            my $qid = "$inst/$1";
            my $newid = "$inst/$2";
            if (defined($transaction{$qid})) {
                $transaction{$qid} .= $_;
            }
            # The bounce notification may be the first line seen for $newid
            $transaction{$newid} =
                $_ . ($transaction{$newid} // "");
            $seqno{$newid} = ++$i if (! exists $seqno{$newid});
        }
        next;
    }

    if ($isagent{$command}) {
        if (m{\G(\w+): to=}gc) {
            my $qid = "$inst/$1";
            if (defined($transaction{$qid})) {
                $transaction{$qid} .= $_;
            }
        }
        next;
    }
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To run it, save it to a file named collate.pl, make it executable, then run it with the log file as its argument and use grep to pull out the identifier of the message you are looking for: collate.pl /var/log/zimbra.log | grep '<[email protected]>'. The result is the set of lines describing the message's movement on the server. Keep in mind that grep prints only the lines that contain the pattern; since the script prints each transaction as a block of lines separated by a blank line, filtering on whole blocks (for example with awk in paragraph mode, RS="") shows every hop of the message, including lines such as the TLS handshake that do not mention the address at all.

# collate.pl /var/log/zimbra.log | grep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
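As an added POSIX shell example (not part of the original article or of collate.pl), here are two helpers for working with the script's output: one keeps the whole blank-line-separated transaction block whenever any of its lines matches, so a search for an address or queue id returns every hop of that message rather than only the lines that contain the string; the other pulls the queue id that the next relay acknowledged with "queued as ...", which is the id to search for in the next server's log when the message crossed to another host. The sample input is constructed in the shape of the output shown above; the addresses, hostnames and Message-IDs in it are invented.

```shell
#!/bin/sh
# Added example: whole-transaction filtering of collate.pl output.
# Not part of collate.pl or Zimbra. Sample input below is constructed.

SAMPLE_COLLATE=$(cat <<'EOF'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=<ivanov@company.ru>
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=<5f856f2c.1a2b3c4d@company.ru>
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=<ivanov@company.ru>, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.example.net[198.51.100.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=<partner@example.net>, relay=mail.example.net[198.51.100.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed

Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.company.ru[192.0.2.40]
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.company.ru[192.0.2.40]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=<5f856f34.9e8d7c6b@company.ru>
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=<petrov@company.ru>, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=<sidorov@company.ru>, relay=virtual, delay=0.03, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
EOF
)

# collate_records FILE PATTERN
# Print every blank-line-separated block in FILE that has at least one line
# matching the awk extended regex PATTERN (escape [ ] . * for literal use).
# RS="" puts awk in paragraph mode; ORS keeps the blocks separated.
collate_records() {
    awk -v pat="$2" 'BEGIN { RS = ""; ORS = "\n\n" } $0 ~ pat' "$1"
}

# next_hop_queue_ids FILE PATTERN
# For the matching blocks, print the queue ids a relay acknowledged with
# "queued as ...", i.e. what to search for in the next server's log.
next_hop_queue_ids() {
    collate_records "$1" "$2" | sed -n 's/.*queued as \([0-9A-Fa-f]*\).*/\1/p'
}

# Demo on the constructed sample (run the file with --demo).
collate_demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_COLLATE" > "$tmp"
    echo "== transaction(s) for <partner@example.net>"
    collate_records "$tmp" '<partner@example.net>'
    echo "== queue id on the next hop"
    next_hop_queue_ids "$tmp" '4FF14284F45'
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then collate_demo; fi
```

Typical use is collate.pl /var/log/zimbra.log > /tmp/collated.log followed by collate_records /tmp/collated.log '<address>'; on a multi-server Zimbra OSE installation the next_hop_queue_ids output is the id to look for on the MTA or mail store the message was handed to.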

For all questions about Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by email at [email protected]

source: www.habr.com