How to work with Zimbra OSE logs

Logging every event that occurs is one of the most important functions of any enterprise system. Logs let you troubleshoot emerging problems, audit how information systems operate, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They cover everything from server performance to the sending and receiving of emails by users. However, reading the logs generated by Zimbra OSE is a non-trivial task. In this article, using a specific example, we will show how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder, and logs can also be found in the /var/log/zimbra.log file. The most important of these is mailbox.log. It records all events that occur on the mail server, including email delivery, user authentication data, failed login attempts, and so on. Each entry in mailbox.log is a text string containing the time the event occurred, the level of the event, the number of the thread in which the event occurred, the user name and IP address, and a text description of the event.

The level of a log entry indicates how strongly the event affects the operation of the server. By default there are 4 event levels: INFO, WARN, ERROR and FATAL. Let's go through all the levels in order of increasing severity.

  • INFO - events at this level are usually intended to report on the progress of Zimbra OSE. Messages at this level include reports on the creation or deletion of a mailbox, and so on.
  • WARN - events at this level report situations that are potentially dangerous but do not affect the operation of the server. For example, a message about a user's failed login attempt is marked with the WARN level.
  • ERROR - this event level reports an error that is local in nature and does not interfere with the operation of the server. This level can flag errors where an individual user's data has been corrupted.
  • FATAL - this level marks errors because of which the server cannot continue to work normally. For example, a record about a failure to connect to the DBMS will have the FATAL level.

The mail server's log file is rotated every day. The most recent file is always named mailbox.log, while the logs for other days have the date in the name and are stored in an archive, for example mailbox.log.2020-09-29.tar.gz. This makes it much easier to back up the event logs and to search them.

For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs as well. They include only the entries that relate to specific Zimbra OSE components. For example, audit.log contains only records about user authentication, clamd.log contains data about the operation of the antivirus, and so on. Incidentally, an excellent way to protect a Zimbra OSE server from intruders is to protect the server with Fail2Ban, which works precisely on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log so that you receive information about failed logins every day.

An example of how audit.log shows a password entered incorrectly twice followed by a successful login attempt.
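
The daily failed-login report described above can be made more useful than a raw grep by grouping failures per account and source address. This is an added example, not code from the article; the sample lines are constructed, and the account=, oip= (originating address) and ip= (connecting host) field names are assumptions about the audit.log layout.

```sh
#!/bin/sh
# Added example (not from the article): summarise failed logins in audit.log.
# Assumption: entries carry "account=...;" and "oip=...;" (or "ip=...;") fields.

# Constructed sample: two bad passwords and a successful login for one account,
# plus one failure for another account.
sample_audit_log() {
cat <<'EOF'
2020-09-29 10:15:01,123 WARN  [qtp1-11:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=198.51.100.7;ua=zclient/8.8.15;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 10:15:09,871 WARN  [qtp1-12:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=198.51.100.7;ua=zclient/8.8.15;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 10:15:20,456 INFO  [qtp1-13:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=198.51.100.7;ua=zclient/8.8.15;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2020-09-29 11:02:44,310 WARN  [qtp1-14:https://mail.example.com/service/soap/AuthRequest] [ip=203.0.113.9;ua=zclient/8.8.15;] security - cmd=Auth; account=bob@example.com; protocol=soap; error=authentication failed for [bob@example.com], invalid password;
EOF
}

# failed_logins [MIN]  (stdin: audit.log)
# Prints "count account source-ip" for every pair with at least MIN failures.
failed_logins() {
    grep -i 'invalid password' |
    awk -v min="${1:-1}" '{
        acct = "-"; ip = "-"
        if (match($0, /account=[^;]+/)) acct = substr($0, RSTART + 8, RLENGTH - 8)
        # Prefer the originating address (oip) over the connecting host (ip).
        if (match($0, /oip=[^;]+/))     ip = substr($0, RSTART + 4, RLENGTH - 4)
        else if (match($0, /ip=[^;]+/)) ip = substr($0, RSTART + 3, RLENGTH - 3)
        n[acct " " ip]++
    }
    END { for (k in n) if (n[k] >= min) print n[k], k }' |
    sort -k1,1nr -k2
}

sample_audit_log | failed_logins
```

In a cron job the function would read the real file, for example failed_logins 3 < /opt/zimbra/log/audit.log, so that only sources with repeated failures are reported.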

Logs in Zimbra OSE can be extremely useful for finding the causes of various critical failures. At the moment a critical error occurs, the administrator usually has no time to read logs; the server has to be restored as soon as possible. Afterwards, however, when the server has come back up and is generating a lot of log entries, it can be hard to find the relevant record in a large file. To find the error record quickly, it is enough to know the time at which the server was restarted and to find the log entry dated at that time. The entry before it will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you identify non-critical failures. For example, to find handler exceptions, you can search for handler exception. Errors generated by handlers are often accompanied by a stack trace that explains what caused the exception. For mail delivery errors, start the search with the keyword LmtpServer; to look for errors related to the POP or IMAP protocols, you can use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Let's look at a specific example. On September 20, one of the employees sent a customer an email infected with a virus. As a result, the data on the customer's computer was encrypted. However, the employee swears that he sent nothing. As part of the investigation into the incident, the company's security service asks the system administrator for the mail server logs for September 20 that relate to the user under investigation. Thanks to the timestamp, the system administrator finds the required log file, extracts the relevant information and passes it to the security specialists. They, in turn, look through it and find that the IP address from which the email was sent matches the IP address of the user's computer. CCTV footage confirmed that the employee was at his workplace when the email was sent. This data was enough to charge him with violating information security rules and dismiss him.

An example of extracting the records for one account from mailbox.log into a separate file
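
The extraction step from the investigation above, as an added example that is not part of the original article: it selects one account's entries for one day and prints the time, source address and event text for each. The sample lines are constructed, and the [name=...;ip=...;oip=...;] layout is an assumption about the mailbox.log format.

```sh
#!/bin/sh
# Added example (not from the article): timeline of one account for one day.
# Assumption: mailbox.log entries look like
#   DATE TIME LEVEL [thread] [name=ACCOUNT;...;oip=ADDR;...;] category - text

# Constructed sample lines; the second one belongs to another user and only
# mentions the investigated address in its text.
sample_mailbox_log() {
cat <<'EOF'
2020-09-20 14:03:11,482 INFO  [qtp1-21:https://mail.example.com/service/soap/SendMsgRequest] [name=user1@example.com;mid=7;ip=10.0.0.2;oip=192.0.2.15;ua=ZimbraWebClient/8.8.15;] smtp - Sending message to MTA at localhost
2020-09-20 14:03:12,020 INFO  [qtp1-22:https://mail.example.com/service/soap/SendMsgRequest] [name=user2@example.com;mid=9;ip=10.0.0.2;oip=192.0.2.44;ua=ZimbraWebClient/8.8.15;] smtp - Sending message to MTA at localhost: rcpt=user1@example.com
2020-09-20 14:05:40,907 INFO  [ImapServer-3] [name=user1@example.com;mid=7;ip=192.0.2.15;ua=ExampleMail/1.0;] imap - selected folder Sent
2020-09-21 09:00:00,001 INFO  [qtp1-30:https://mail.example.com/service/soap/AuthRequest] [name=user1@example.com;mid=7;ip=10.0.0.2;oip=192.0.2.15;ua=ZimbraWebClient/8.8.15;] account - Authentication successful
EOF
}

# account_timeline ACCOUNT DAY  (stdin: mailbox.log)
# Prints "HH:MM:SS source-ip text" for that account on that day only.
account_timeline() {
    awk -v acct="$1" -v day="$2" '
    # Match the whole name= field as a fixed string, so entries of other
    # accounts that merely mention the address are skipped.
    index($0, day " ") == 1 && index($0, "name=" acct ";") {
        ip = "-"
        if (match($0, /oip=[^;]+/))     ip = substr($0, RSTART + 4, RLENGTH - 4)
        else if (match($0, /ip=[^;]+/)) ip = substr($0, RSTART + 3, RLENGTH - 3)
        msg = $0
        sub(/^.*;\] /, "", msg)   # drop everything up to the end of [name=...;]
        print substr($2, 1, 8), ip, msg
    }'
}

sample_mailbox_log | account_timeline user1@example.com 2020-09-20
```

Redirecting the output to a file gives the security team a compact record in which the source address of every action is visible at a glance.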

Things get much more complicated with a multi-server infrastructure. Because logs are collected locally, working with them in a multi-server environment is very inconvenient, so log collection needs to be centralized. This can be done by setting up a host that collects the logs. There is no particular need to add a dedicated host to the infrastructure; any mail server can act as the log collection node. In our case it will be the Mailstore01 node.

On this server, we need to enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the /etc/sysconfig/rsyslog file, setting SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and enable the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything works with the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all the other servers of the infrastructure (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which the logs are sent. To change it, you can likewise enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru

You also need to enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be recorded on the server you specified, where they can be conveniently viewed. Also, in the Zimbra OSE administrator console, on the screen with information about the status of the servers, the running Logger service will be displayed only for the mailstore01 server.

Another headache for the administrator can be tracking a specific email. Emails in Zimbra OSE pass through several different stages (antivirus scanning, antispam, and so on) before being accepted or sent, so if an email does not arrive, it can be quite difficult for the administrator to trace the stage at which it was lost.

To solve this problem, you can use a special script that was developed by information security specialist Viktor Dukhovny and is recommended for use by the Postfix developers. The script collates the log entries for a specific process and thereby lets you quickly display all the entries related to the delivery of a particular message based on its identifier. Its operation has been tested on all versions of Zimbra OSE starting from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;
my %smtp;
my %transaction;
my $i = 0;
my %seqno;

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			$transaction{$newid} =
				$_ . $transaction{$newid};
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To use it, save it to a file named collate.pl, make it executable, and then run it, specifying the log file and using pgrep to extract the information about the message you are interested in: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result will be a sequential output of the lines containing information about the movement of the message on the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
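
One way to do the filtering step with standard tools, as an added example that is not part of the original article or of the collate script. It assumes that pgrep in the command above is a paragraph-grep helper (the procps pgrep lists processes and does not filter standard input) and relies on collate.pl printing a blank line after each transaction; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the article): filter collate.pl output by transaction.
# collate.pl prints each transaction as a block of lines followed by a blank line.

# Sample input abridged from the output shown in the article (already masked
# there), with the blank line that separates the two transactions.
sample_collated() {
cat <<'EOF'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed

Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
EOF
}

# transactions_matching TEXT: print every whole transaction that contains TEXT.
transactions_matching() {
    awk -v pat="$1" 'BEGIN { RS = ""; ORS = "\n\n" } index($0, pat)'
}

# delivery_status TEXT: "queue-id status relay" for each delivery attempt
# in the transactions that contain TEXT.
delivery_status() {
    awk -v pat="$1" 'BEGIN { RS = "" }
    index($0, pat) {
        n = split($0, line, "\n"); qid = "?"
        for (i = 1; i <= n; i++) {
            split(line[i], f, " ")
            # Field 6 is the queue ID when it ends in ":" (connect lines have none).
            if (f[6] ~ /^[0-9A-Za-z]+:$/) qid = substr(f[6], 1, length(f[6]) - 1)
            if (match(line[i], /status=[a-z]+/)) {
                st = substr(line[i], RSTART + 7, RLENGTH - 7)
                rl = match(line[i], /relay=[^,]+/) ? substr(line[i], RSTART + 6, RLENGTH - 6) : "-"
                print qid, st, rl
            }
        }
    }'
}

sample_collated | delivery_status 0CB69282F4E
```

On a live server the same functions read the script's output directly, for example collate.pl /var/log/zimbra.log | delivery_status followed by the address or queue ID of interest; a status other than sent points at the stage where the message stopped.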

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email: [email protected]

Source: www.habr.com