How to work with Zimbra OSE logs

Logging every event is one of the most important functions of any corporate system. Logs let you resolve problems as they arise, audit the operation of information systems, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They cover everything from server performance to the sending and receiving of email by users. However, reading the logs that Zimbra OSE generates is a rather non-trivial task. In this article, using a specific example, we will show you how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder, and logs can also be found in the /var/log/zimbra.log file. The most important of these is mailbox.log. It records all actions that take place on the mail server. These include the sending of email, user authentication data, failed login attempts, and more. Each entry in mailbox.log is a text string containing the time the event occurred, the level of the event, the number of the thread in which the event occurred, the user name and IP address, and a text description of the event.


The log level indicates how strongly the event affects the operation of the server. By default there are 4 event levels: INFO, WARN, ERROR and FATAL. Let's look at all of the levels in order of increasing severity.

  • INFO - events at this level are usually intended to inform about the progress of Zimbra OSE. Messages at this level include reports about the creation or deletion of a mailbox, and so on.
  • WARN - events at this level report situations that are potentially dangerous but do not affect the operation of the server. For example, the WARN level marks a message about a failed user login attempt.
  • ERROR - this event level in the log reports an error that is local in nature and does not interfere with the operation of the server. This level can flag an error in which the index data of an individual user has been corrupted.
  • FATAL - this level indicates errors because of which the server cannot continue normal operation. For example, the FATAL level is used for a record indicating that it is impossible to connect to the DBMS.

The mail server log file is rotated every day. The most recent version of the file always has the name Mailbox.log, while logs for a particular day have the date in their name and are stored in an archive, for example mailbox.log.2020-09-29.tar.gz. This makes it easier to back up activity logs and to search through the logs.

For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs as well. They include only the entries that relate to specific Zimbra OSE components. For example, audit.log contains only records about user authentication, clamd.log contains data about the operation of the antivirus, and so on. Incidentally, an excellent way to protect a Zimbra OSE server from intruders is to use Fail2Ban, which works solely on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log in order to receive information about failed logins every day.

An example of how audit.log shows a password entered incorrectly twice followed by a successful login attempt.
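As an added example (not part of the original article), the daily cron check described above can be turned into a per-address summary of failed logins, which is also the signal a Fail2Ban filter keys on. The audit.log field layout (`ip=`/`oip=` in the context block, `account=` in the message) and every sample line are constructed assumptions; `failed_logins` and `sample_audit_log` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample lines in the audit.log layout assumed here (not real data).
sample_audit_log() {
cat <<'EOF'
2020-09-29 08:01:10,101 WARN  [qtp1-11:https://mail/service/soap/AuthRequest] [name=alice@example.com;ip=203.0.113.7;ua=client;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 08:01:15,220 WARN  [qtp1-12:https://mail/service/soap/AuthRequest] [name=alice@example.com;ip=203.0.113.7;ua=client;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 08:01:30,007 INFO  [qtp1-13:https://mail/service/soap/AuthRequest] [name=alice@example.com;ip=203.0.113.7;ua=client;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2020-09-29 09:10:01,500 WARN  [ImapServer-4] [name=bob@example.com;ip=10.0.0.2;oip=198.51.100.9;] security - cmd=Auth; account=bob@example.com; protocol=imap; error=authentication failed for [bob@example.com], invalid password;
2020-09-29 09:10:02,500 WARN  [ImapServer-4] [name=bob@example.com;ip=10.0.0.2;oip=198.51.100.9;] security - cmd=Auth; account=bob@example.com; protocol=imap; error=authentication failed for [bob@example.com], invalid password;
2020-09-29 09:10:03,500 WARN  [ImapServer-4] [name=bob@example.com;ip=10.0.0.2;oip=198.51.100.9;] security - cmd=Auth; account=bob@example.com; protocol=imap; error=authentication failed for [bob@example.com], invalid password;
2020-09-29 11:45:00,900 WARN  [Pop3Server-2] [name=carol@example.com;ip=192.0.2.5;] security - cmd=Auth; account=carol@example.com; protocol=pop3; error=authentication failed for [carol@example.com], invalid password;
EOF
}

# Print "count address account" for each address/account pair with at least
# <threshold> failed logins, busiest first.
# Usage: failed_logins /opt/zimbra/log/audit.log [threshold]
failed_logins() {
    file=$1
    threshold=${2:-2}
    grep -i 'invalid password' "$file" | awk -v min="$threshold" '
    {
        ip = "unknown"; acct = "unknown"
        # Prefer oip= (original client address behind a proxy) over ip=.
        if (match($0, /(\[|;)oip=[^;]*/))     ip = substr($0, RSTART + 5, RLENGTH - 5)
        else if (match($0, /(\[|;)ip=[^;]*/)) ip = substr($0, RSTART + 4, RLENGTH - 4)
        if (match($0, /account=[^;]*/))       acct = substr($0, RSTART + 8, RLENGTH - 8)
        n[ip " " acct]++
    }
    END { for (k in n) if (n[k] >= min) print n[k], k }' | sort -k1,1nr -k2
}

# Demo on the constructed sample.
demo=$(mktemp) && sample_audit_log > "$demo" && failed_logins "$demo" 2
rm -f "$demo"
```

A single failure followed by a success, as in the figure above, stays below the default threshold of 2 only if it happens once; repeated failures from one address are what deserve a closer look.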

Logs in Zimbra OSE can be extremely useful for identifying the causes of critical failures. At the moment a critical error occurs, the administrator usually has no time to read logs. The server has to be restored as quickly as possible. Later, however, once the server is back up and has generated a large number of logs, it can be hard to find the required entry in a large file. To find the error record quickly, it is enough to know the time at which the server was restarted and to find the entry in the logs that dates from that time. The entry before it will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you identify non-critical failures. For example, to find handler exceptions you can search for handler exception. Errors generated by handlers are often accompanied by a stack trace that explains the cause of the exception. If there is an error in mail delivery, you should start your search with the keyword LmtpServer, and to search for errors related to the POP and IMAP protocols you can use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Let's look at an example. On September 20, one of the employees sent an infected email to a customer. As a result, the data on the customer's computer was encrypted. The employee, however, swears that he did not send anything. As part of the investigation of the incident, the corporate security service asks the system administrator for the mail server logs for September 20 that relate to the user under investigation. Thanks to the timestamp, the system administrator finds the right log file, extracts the necessary information and passes it to the security specialists. They, in turn, look through it and find that the IP address from which this email was sent matches the IP address of the user's computer. CCTV footage confirmed that the employee was at his workplace when the email was sent. This data was enough to accuse him of violating information security rules and to dismiss him.

An example of extracting the records that relate to one of the accounts from the Mailbox.log log into a separate file
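The extraction step from the investigation above, as an added example that is not part of the original article: it pulls one account's entries for one day out of a mailbox.log file, keeps the stack-trace lines that belong to a matching entry, and summarizes the source addresses for comparison with the user's workstation. The `name=`/`ip=` context layout and all sample lines are constructed assumptions; `account_entries` and `account_ips` are hypothetical names.

```shell
#!/bin/sh
# Constructed mailbox.log sample in the layout assumed here (not real data).
sample_mailbox_log() {
cat <<'EOF'
2020-09-20 10:16:58,412 INFO  [qtp1-21:https://mail/service/soap/SendMsgRequest] [name=alice@example.com;mid=7;ip=10.0.0.15;ua=client;] smtp - Sending message to MTA: sender=alice@example.com, nrcpts=1
2020-09-20 10:17:02,030 ERROR [qtp1-22:https://mail/service/soap/SearchRequest] [name=alice@example.com;mid=7;ip=10.0.0.15;ua=client;] index - search failed
java.lang.RuntimeException: constructed example
    at example.Constructed.run(Constructed.java:1)
2020-09-20 10:18:40,700 INFO  [qtp1-23:https://mail/service/soap/AuthRequest] [name=bob@example.com;mid=9;ip=10.0.0.22;ua=client;] soap - AuthRequest
2020-09-21 09:00:00,001 INFO  [ImapServer-3] [name=alice@example.com;mid=7;ip=10.0.0.99;] imap - LOGIN
EOF
}

# Print every entry for <account> on <YYYY-MM-DD>. Lines without a leading
# timestamp (stack traces) inherit the decision made for the entry they follow.
# Usage: account_entries mailbox.log 2020-09-20 user@example.com > user.log
account_entries() {
    awk -v day="$2" -v who="name=$3;" '
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
        # index() compares literally, so dots in the address are not wildcards.
        keep = (substr($0, 1, 10) == day && index($0, who) > 0)
    }
    keep' "$1"
}

# Print "count address" for the source addresses seen in those entries.
account_ips() {
    account_entries "$1" "$2" "$3" | awk '
    /^[0-9][0-9][0-9][0-9]-/ && match($0, /;ip=[^;]*/) {
        n[substr($0, RSTART + 4, RLENGTH - 4)]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2
}

# Demo on the constructed sample.
demo=$(mktemp) && sample_mailbox_log > "$demo" && account_ips "$demo" 2020-09-20 alice@example.com
rm -f "$demo"
```

Rotated logs have to be unpacked first; record a checksum of the archive and of the extracted file before handing them over so the evidence can be verified later.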

Everything becomes much more complicated when it comes to a multi-server infrastructure. Because logs are collected locally, working with them in a multi-server infrastructure is very inconvenient, so the collection of logs needs to be centralized. This can be done by setting up a host that collects the logs. There is no need to add a dedicated host to the infrastructure. Any mail server can act as the node that collects the logs. In our case, this will be the Mailstore01 node.

On this server we need to enter the commands below:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the /etc/sysconfig/rsyslog file and set SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything is working with the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all the other infrastructure servers (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which the logs are sent. To change it, you can likewise enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru

You also need to enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be recorded on the server you specified, where they can be viewed conveniently. In addition, in the Zimbra OSE administrator console, on the page with information about the status of the servers, the running Logger service will be shown only for the mailstore01 server.


Another headache for the administrator can be tracking a specific email. Because an email in Zimbra OSE passes through several different stages, such as checking by the antivirus, the antispam and so on, before it is accepted or sent, it can be quite a problem for the administrator to trace at which stage an email was lost if it does not arrive.

To solve this problem you can use a special script that was developed by the information security specialist Viktor Dukhovny and is recommended for use by the Postfix developers. This script joins together the log entries for a particular process and, thanks to this, lets you quickly display all the records related to the sending of a particular email based on its identifier. Its operation has been tested on all versions of Zimbra OSE, starting from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;
my %smtp;
my %transaction;
my $i = 0;
my %seqno;

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction 
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			$transaction{$newid} =
				$_ . $transaction{$newid};
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To run it, save it in a file named collate.pl, make it executable, and then run the file, pointing it at the log file and using pgrep to extract the identifying information of the email you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result is a sequence of lines containing information about the movement of the email on the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed

For all questions related to Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by email. [email protected]

Source: www.habr.com