Logging everything that happens is one of the most important functions of any corporate system. Logs let you troubleshoot problems as they arise, audit how information systems are used, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They cover everything from server performance to the sending and receiving of e-mail by users. However, reading the logs produced by Zimbra OSE is not a trivial task. In this article, using a specific example, we show you how to read Zimbra OSE logs and how to work with them.
Zimbra OSE stores all logs locally in the /opt/zimbra/log folder, and logs can also be found in the /var/log/zimbra.log file. The most important of them is mailbox.log. It records all actions that take place on the mail server. These include the delivery of e-mail, user authentication data, failed login attempts, and so on. Each entry in mailbox.log is a text string containing the time the event occurred, the level of the event, the number of the thread in which the event occurred, the user name and IP address, and a text description of the event.
The log level indicates how strongly the event affects the operation of the server. By default there are 4 event levels: INFO, WARN, ERROR and FATAL. Let's look at all the levels in order of increasing severity.
- INFO - events at this level are usually intended to report on the progress of Zimbra OSE. Messages at this level include reports about the creation or deletion of a mailbox, and so on.
- WARN - events at this level report situations that are potentially dangerous but do not affect the operation of the server. For example, the WARN level marks a message about a failed user login attempt.
- ERROR - this event level in the log reports an error that is local in nature and does not interfere with the operation of the server. This level can mark an error in which a user's index data has been corrupted.
- FATAL - this level indicates errors that prevent the server from continuing to operate normally. For example, the FATAL level is given to an entry indicating that it is impossible to connect to the DBMS.
The mail server log file is rotated every day. The current version of the file is always named mailbox.log, while the logs for a particular date have the date in the name and are stored in an archive. For example, mailbox.log.2020-09-29.tar.gz. This makes it much easier to back up activity logs and to search through them.
For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs as well. They include only the entries that relate to specific Zimbra OSE components. For example, audit.log contains only entries about user authentication, clamd.log contains data about the operation of the antivirus, and so on. Incidentally, a very good way to protect a Zimbra OSE server from intruders
An example of how audit.log shows a password entered incorrectly twice followed by a successful login attempt.
Logs in Zimbra OSE can be very useful for identifying the causes of various critical failures. When a critical error occurs, the administrator usually has no time to read logs. The server has to be restored as quickly as possible. Later, however, when the server is running again and generating a lot of logs, it can be hard to find the required entry in a large file. To find the error entry quickly, it is enough to know the time at which the server was restarted and to find the entry in the logs that dates from that time. The entry before it will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.
Zimbra OSE logs also allow you to identify non-critical failures. For example, to find handler exceptions, you can search for the word exception. Often, errors generated by handlers are accompanied by a stack trace that explains what caused the exception. For mail delivery errors, you should start your search with the LmtpServer keyword, and to search for errors related to the POP or IMAP protocols, you can use the ImapServer and Pop3Server keywords.
Logs can also help when investigating information security incidents. Let's look at a specific example. On September 20, one of the employees sent a virus-infected letter to a client. As a result, the data on the client's computer was encrypted. However, the employee swears that he did not send anything. As part of the incident investigation, the enterprise security service asks the system administrator for the mail server logs for September 20 that relate to the user under investigation. Thanks to the timestamp, the system administrator finds the required log file, extracts the relevant information and hands it over to the security specialists. They, in turn, look through it and find that the IP address from which the letter was sent matches the IP address of the user's computer. CCTV footage confirmed that the employee was at his workplace at the time the letter was sent. This data was enough to accuse him of violating information security rules and to dismiss him.
An example of extracting the entries about one of the accounts from the mailbox.log log into a separate file
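The extraction step from the investigation above, as an added example that is not part of the original article: it pulls one account's entries for one day out of mailbox.log and counts the client IP addresses they came from. The line layout (timestamp, level, [thread], [name=...;ip=...;], description) is an assumption based on the field list given earlier; the sample lines, account names and function names are constructed.

```python
import re
from collections import Counter

# Assumed layout, following the article's field list:
# time, level, [thread], [name=...;ip=...;], description
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:,]+)\s+"
    r"(?P<level>INFO|WARN|ERROR|FATAL)\s+"
    r"\[(?P<thread>[^\]]*)\]\s+\[(?P<ctx>[^\]]*)\]\s+(?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for one log entry, or None for continuation lines
    (stack traces) that do not start with a timestamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # The context field is a ';'-separated list of key=value pairs.
    ctx = dict(p.split("=", 1) for p in entry.pop("ctx").split(";") if "=" in p)
    entry["name"] = ctx.get("name")
    entry["ip"] = ctx.get("ip")
    return entry

def entries_for(lines, account, day):
    """Entries for one account on one day (YYYY-MM-DD), in file order."""
    parsed = (parse_line(l) for l in lines)
    return [e for e in parsed if e and e["date"] == day and e["name"] == account]

def source_ips(entries):
    """Count entries per client IP, to compare with the workstation address."""
    return Counter(e["ip"] for e in entries if e["ip"])

# Constructed sample lines, not taken from a real server.
SAMPLE = """\
2020-09-20 09:58:02,114 INFO  [qtp1-101] [name=alice@example.com;ip=192.0.2.15;] soap - AuthRequest elapsed=12
2020-09-20 10:01:44,870 INFO  [qtp1-107] [name=alice@example.com;ip=192.0.2.15;] smtp - Sending message to MTA: size=48213
2020-09-20 10:02:10,003 WARN  [qtp1-110] [name=bob@example.com;ip=192.0.2.40;] security - authentication failed
2020-09-20 10:05:31,420 ERROR [qtp1-112] [name=alice@example.com;ip=198.51.100.7;] index - unable to index item
java.lang.IllegalStateException: constructed stack trace line
2020-09-21 08:00:00,000 INFO  [qtp1-120] [name=alice@example.com;ip=192.0.2.15;] soap - AuthRequest elapsed=9
""".splitlines()

if __name__ == "__main__":
    hits = entries_for(SAMPLE, "alice@example.com", "2020-09-20")
    for e in hits:
        print(e["time"], e["level"], e["ip"], e["msg"])
    print(dict(source_ips(hits)))
```

An address that appears only once in the per-IP count, such as the second one in the sample, is the kind of entry an investigator would want to look at first.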
Everything becomes much more complicated when it comes to a multi-server infrastructure. Since logs are collected locally, working with them in a multi-server infrastructure is very inconvenient, and so there is a need to centralize log collection. This can be done by setting up a host that collects the logs. There is no particular need to add a dedicated host to the infrastructure. Any mail server can act as the node for collecting logs. In our case, this will be the Mailstore01 node.
On this server we need to enter the following commands:
sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v
Edit the file /etc/sysconfig/rsyslog and set SYSLOGD_OPTIONS="-r -c 2"
Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514
Enter the following commands:
sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys
You can check that everything is working with the command zmprov gacf | grep zimbraLogHostname. After the command runs, it should display the name of the host that collects the logs. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.
On all the other infrastructure servers (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which the logs are sent. To change it, you can likewise enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru
You also need to enter the following commands on each server:
sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart
After this, all logs will be recorded on the server you specified, where they can be viewed conveniently. In addition, in the Zimbra OSE administration console, on the screen with information about the status of the servers, the running Logger service will be shown only for the mailstore01 server.
Another headache for an administrator can be tracking down a specific e-mail. E-mails in Zimbra OSE pass through several different stages before they are accepted or sent (scanning by antivirus, antispam, and so on), so when an e-mail does not arrive it can be quite difficult for the administrator to find out at which stage it was lost.
To solve this problem, you can use a special script that was developed by information security specialist Viktor Dukhovny and is recommended for use by the Postfix developers. This script collates the entries from the logs for a specific process and, thanks to that, lets you quickly display all the entries related to the sending of a specific letter, based on its identifier. Its operation has been tested on all versions of Zimbra OSE, starting from 8.7. Here is the text of the script.
#! /usr/bin/perl
use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
    \A                      # Absolute line start
    (?:\S+ \s+){3}          # Timestamp, adjust for other time formats
    \S+ \s+                 # Hostname
    (postfix(?:-[^/\s]+)?)  # Capture instance name stopping before first '/'
    (?:/\S+)*               # Optional non-captured '/'-delimited qualifiers
    /                       # Final '/' before the daemon program name
};

my $cmdpidre = qr{(?x)
    \G                      # Continue from previous match
    (\S+)\[(\d+)\]:\s+      # command[pid]:
};

my %smtpd;
my %smtp;
my %transaction;
my $i = 0;
my %seqno;
my %isagent = map { ($_, 1) } @agents;

while (<>) {
    next unless m{$instre}ogc; my $inst = $1;
    next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

    if ($command eq "smtpd") {
        if (m{\Gconnect from }gc) {
            # Start new log
            $smtpd{$pid}->{"log"} = $_; next;
        }

        $smtpd{$pid}->{"log"} .= $_;

        if (m{\G(\w+): client=}gc) {
            # Fresh transaction
            my $qid = "$inst/$1";
            $smtpd{$pid}->{"qid"} = $qid;
            $transaction{$qid} = $smtpd{$pid}->{"log"};
            $seqno{$qid} = ++$i;
            next;
        }

        my $qid = $smtpd{$pid}->{"qid"};
        $transaction{$qid} .= $_
            if (defined($qid) && exists $transaction{$qid});
        delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
        next;
    }

    if ($command eq "pickup") {
        if (m{\G(\w+): uid=}gc) {
            my $qid = "$inst/$1";
            $transaction{$qid} = $_;
            $seqno{$qid} = ++$i;
        }
        next;
    }

    # bounce(8) logs transaction start after cleanup(8) already logged
    # the message-id, so the cleanup log entry may be first
    #
    if ($command eq "cleanup") {
        next unless (m{\G(\w+): }gc);
        my $qid = "$inst/$1";
        $transaction{$qid} .= $_;
        $seqno{$qid} = ++$i if (! exists $seqno{$qid});
        next;
    }

    if ($command eq "qmgr") {
        next unless (m{\G(\w+): }gc);
        my $qid = "$inst/$1";
        if (defined($transaction{$qid})) {
            $transaction{$qid} .= $_;
            if (m{\Gremoved$}gc) {
                # Message left the queue: print the whole transaction
                print delete $transaction{$qid}, "\n";
            }
        }
        next;
    }

    # Save pre-delivery messages for smtp(8) and lmtp(8)
    #
    if ($command eq "smtp" || $command eq "lmtp") {
        $smtp{$pid} .= $_;

        if (m{\G(\w+): to=}gc) {
            my $qid = "$inst/$1";
            if (defined($transaction{$qid})) {
                $transaction{$qid} .= $smtp{$pid};
            }
            delete $smtp{$pid};
        }
        next;
    }

    if ($command eq "bounce") {
        if (m{\G(\w+): .*? notification: (\w+)$}gc) {
            my $qid = "$inst/$1";
            my $newid = "$inst/$2";
            if (defined($transaction{$qid})) {
                $transaction{$qid} .= $_;
            }
            $transaction{$newid} =
                $_ . $transaction{$newid};
            $seqno{$newid} = ++$i if (! exists $seqno{$newid});
        }
        next;
    }

    if ($isagent{$command}) {
        if (m{\G(\w+): to=}gc) {
            my $qid = "$inst/$1";
            if (defined($transaction{$qid})) {
                $transaction{$qid} .= $_;
            }
        }
        next;
    }
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}
The script is written in Perl. To run it, save it to a file named collate.pl, make it executable, then run the file, giving it the log file as an argument, and use pgrep to extract the identifying information of the letter you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result is a sequential listing of the lines that contain information about the movement of the letter on the server.
# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
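The selection step after collate.pl, as an added example that is not part of the original article: it splits the collated output into per-message blocks on the empty line the script prints after each transaction, and reports sender, recipient, DSN code and status for the blocks that mention an address. The sample output, addresses and function names are constructed, and the pattern assumes short hexadecimal queue IDs like those in the listing above.

```python
import re

# Assumes short hexadecimal queue IDs, as in the listing above.
ENTRY_RE = re.compile(r"postfix\S*?/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
TO_RE = re.compile(r"to=<([^>]*)>.*?\bdsn=([\d.]+), status=(\w+)")

def split_transactions(text):
    """collate.pl ends every transaction with an empty line."""
    return [b.splitlines() for b in re.split(r"\n\s*\n", text.strip())]

def summarize(block):
    """Queue ID, envelope sender and per-recipient results of one block."""
    info = {"qid": None, "sender": None, "deliveries": []}
    for line in block:
        m = ENTRY_RE.search(line)
        if not m:
            continue  # connect/TLS lines carry no queue ID
        cmd, qid, rest = m.groups()
        info["qid"] = info["qid"] or qid
        sender = re.match(r"from=<([^>]*)>", rest)
        if cmd == "qmgr" and sender:
            info["sender"] = sender.group(1)
        to = TO_RE.match(rest)
        if to:
            info["deliveries"].append(to.groups())
    return info

def find_by_address(text, address):
    """Summaries of all transactions that mention <address>."""
    needle = "<%s>" % address
    return [summarize(b) for b in split_transactions(text)
            if any(needle in line for line in b)]

# Constructed collate.pl output: one delivered and one deferred message.
SAMPLE = """\
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=<alice@example.com>
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=<alice@example.com>, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=<carol@example.net>, relay=mail.example.net[203.0.113.4]:25, delay=0.25, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed

Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from client.example.com[192.0.2.15]
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=client.example.com[192.0.2.15]
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=<alice@example.com>, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:09 mail postfix/smtp[7516]: 0CB69282F4E: to=<dave@example.org>, relay=none, delay=1.1, dsn=4.4.1, status=deferred (connect to mx.example.org[203.0.113.9]:25: Connection timed out)
"""

if __name__ == "__main__":
    for addr in ("carol@example.net", "dave@example.org"):
        print(addr, find_by_address(SAMPLE, addr))
```

A block that has no final "removed" line from qmgr, like the second one in the sample, is a message that was still in the queue when the log ended.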
For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by e-mail at [email protected]
Source: www.habr.com