How to work with Zimbra OSE logs

Logging every event that occurs is one of the most important tasks in any enterprise system. Logs let you troubleshoot problems as they arise, monitor the operation of information systems, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They cover everything from the operation of the server to the sending and receiving of e-mail by users. However, reading the logs generated by Zimbra OSE is not a trivial task. In this article, using a concrete example, we will explain how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder, and the logs are also available in the file /var/log/zimbra.log. The most important of these is mailbox.log. It records all actions that take place on the mail server: e-mail transmission, user authentication data, failed login attempts, and so on. An entry in mailbox.log is a line of text containing the time the event occurred, the event level, the number of the thread in which the event occurred, the user name and IP address, and a textual description of the event.


The log level indicates how much an event affects the operation of the server. There are normally four event levels: INFO, WARN, ERROR and FATAL. Let's look at all of them in increasing order of severity.

  • INFO - events of this level are usually intended to report on the progress of Zimbra OSE. Messages at this level include reports of a mailbox being created or deleted, and so on.
  • WARN - events of this level report potentially dangerous situations that do not affect the operation of the server. For example, a message about a failed user login attempt is marked with the WARN level.
  • ERROR - this event level reports the occurrence of an error that is local in nature and does not interfere with the operation of the server. This level may mark, for example, an error in which a user's index is corrupted.
  • FATAL - this level indicates errors after which the server cannot continue to operate normally. For example, a record showing that it was impossible to connect to the DBMS would be at the FATAL level.

The mail server log file is rotated daily. The latest version of the file always has the name mailbox.log, while the logs for a particular day carry the date in their name and are stored in an archive, for example mailbox.log.2020-09-29.tar.gz. This makes it much easier to store the operational logs and to search within them.

For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs as well. They contain only entries relating to particular components of Zimbra OSE. For example, audit.log contains only records about user authentication, clamd.log contains data on the operation of the antivirus, and so on. Incidentally, a recommended way to protect a Zimbra OSE server against attackers is to protect the server with Fail2Ban, which works precisely on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log to obtain daily information about failed logins.

An example of how audit.log shows a password entered incorrectly twice followed by a successful login attempt.

Logs in Zimbra OSE can be very helpful in identifying the causes of various critical errors. When a critical error occurs, the administrator usually has no time to read the logs; the server needs to be restored as quickly as possible. Later, however, once the server has been restored and is generating many logs, it can be hard to find the required entry in a large file. To find the error entry quickly, it is enough to know the time at which the server was restarted and to find the entry in the logs from that moment. The preceding entry will be the report of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you identify non-critical failures. For example, to find handler exceptions, you can search for the keyword "handler exception". Often the exceptions generated by handlers are accompanied by a stack trace explaining what caused the exception. If there are errors related to mail delivery, you should start your search with the keyword LmtpServer, and to search for errors related to the POP or IMAP protocols you can use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Let's look at a specific example. On 20 September, one of the employees sent a customer an e-mail containing a virus. As a result, the data on the customer's computer was encrypted. However, the employee swears he did not send anything. As part of the investigation into this incident, the company's security service asks the system administrator for the mail server logs for 20 September relating to the employee under investigation. Using the timestamp, the system administrator finds the required log file, extracts the necessary information and passes it to the security specialists. They in turn examine it and find that the IP address from which this e-mail was sent matches the IP address of the employee's computer. CCTV footage confirmed that the employee was at his workplace when the e-mail was sent. This evidence was enough to charge him with violating the information security rules and to dismiss him.

An example of extracting the entries relating to one of the accounts from mailbox.log into a separate file.
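The tasks described above (the daily grep over audit.log for failed logins, the search for the entry that precedes a restart, and extracting one account's entries for a given day, as in the figure) all rest on the same parsing of the entry layout: timestamp, level, thread, user name and IP address, message. The following added example, which is not part of the original article, implements that parsing in Python and builds the three checks on top of it. The sample lines are constructed to imitate the mailbox.log/audit.log layout and are not taken from a real server; the account names, IP addresses and the mail.company.ru host are placeholders.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample entries (not from a real server) in the layout described
# above: timestamp, level, [thread], [name=...;oip=...;] message.
SAMPLE_LOG = """\
2020-09-20 09:58:12,101 INFO  [qtp-17:https://mail.company.ru/service/soap/AuthRequest] [name=ivanov@company.ru;oip=10.1.2.33;ua=zclient/8.8.15;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap; error=authentication failed for [ivanov@company.ru], invalid password;
2020-09-20 09:58:40,417 INFO  [qtp-17:https://mail.company.ru/service/soap/AuthRequest] [name=ivanov@company.ru;oip=10.1.2.33;ua=zclient/8.8.15;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap; error=authentication failed for [ivanov@company.ru], invalid password;
2020-09-20 09:59:02,008 INFO  [qtp-17:https://mail.company.ru/service/soap/AuthRequest] [name=ivanov@company.ru;oip=10.1.2.33;ua=zclient/8.8.15;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap;
2020-09-20 14:03:55,620 INFO  [LmtpServer-4] [name=petrov@company.ru;ip=10.1.2.50;] lmtp - Delivering message: size=2311 bytes, nrcpts=1, sender=ivanov@company.ru, msgid=<abc123@company.ru>
2020-09-20 14:05:10,300 WARN  [ImapServer-12] [name=sidorov@company.ru;ip=10.1.2.77;] imap - handler exception: connection closed by client
2020-09-21 02:10:00,000 FATAL [main] [] db - unable to connect to the database
"""

# One entry: timestamp, level, [thread], [key=value;...] message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+"
    r"(?P<level>INFO|WARN|ERROR|FATAL)\s+"
    r"\[(?P<thread>[^\]]*)\]\s+"
    r"\[(?P<ctx>[^\]]*)\]\s+"
    r"(?P<msg>.*)$"
)


def when(s):
    """Parse a timestamp in the log's own 'YYYY-MM-DD HH:MM:SS' form."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def parse_line(line):
    """Split one entry into its parts; None when the line is not an entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ctx = dict(kv.split("=", 1) for kv in m["ctx"].split(";") if "=" in kv)
    return {
        "ts": when(m["ts"]),
        "level": m["level"],
        "thread": m["thread"],
        "account": ctx.get("name", ""),
        # the client address appears as oip= (originating) or ip=
        "ip": ctx.get("oip") or ctx.get("ip", ""),
        "msg": m["msg"],
        "raw": line,
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def entries_for_account(text, account, start, end):
    """Entries in [start, end) that concern an account, either as the
    authenticated user (name=) or mentioned in the message text, e.g. as
    the sender of a delivered message. This is the extract handed to the
    security team in the incident above."""
    return [e for e in parse_log(text)
            if start <= e["ts"] < end
            and (e["account"] == account or account in e["msg"])]


def failed_logins(text):
    """'invalid password' failures per (account, client IP): the same
    information as the daily grep over audit.log, but aggregated."""
    return Counter((e["account"], e["ip"]) for e in parse_log(text)
                   if "invalid password" in e["msg"])


def last_entry_before(text, restart_time):
    """The last entry written before a restart is usually the error itself."""
    before = [e for e in parse_log(text) if e["ts"] < restart_time]
    return before[-1] if before else None


def entries_at_level(text, level):
    """All entries at one level, e.g. 'FATAL'."""
    return [e for e in parse_log(text) if e["level"] == level]


if __name__ == "__main__":
    for (acct, ip), n in failed_logins(SAMPLE_LOG).items():
        print(f"{n} failed logins for {acct} from {ip}")
    day = entries_for_account(SAMPLE_LOG, "ivanov@company.ru",
                              when("2020-09-20 00:00:00"), when("2020-09-21 00:00:00"))
    with open("ivanov-2020-09-20.log", "w") as out:   # the per-account extract
        out.write("\n".join(e["raw"] for e in day) + "\n")
    crash = last_entry_before(SAMPLE_LOG, when("2020-09-21 02:15:00"))
    print("last entry before restart:", crash["level"], crash["msg"])
```

Run against the real file with `open("/opt/zimbra/log/mailbox.log").read()` in place of `SAMPLE_LOG`; for archived days, read the rotated file instead. The per-IP count from `failed_logins` is the figure worth watching in the daily cron report, because many failures for many accounts from one address look different from one user mistyping a password.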

Everything becomes even more complicated when it comes to multi-server infrastructures. Since logs are collected locally, working with them in a multi-server infrastructure is not very convenient, so log collection has to be centralized. This can be done by setting up a host to collect the logs. There is no particular need to add a dedicated host to the infrastructure: any mail server can act as the log collection node. In our case this will be the Mailstore01 node.

On this server we need to enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the /etc/sysconfig/rsyslog file and set SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything works with the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all other servers in the infrastructure (LDAP, MTA and other mail stores), run the command zmprov gacf |grep zimbraLogHostname to see the name of the host the logs are sent to. To change it, you can again enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru

You also need to enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be written to the server you specified, where they can be viewed easily. Also, in the Zimbra OSE administrator console, on the screen with server status information, the Logger service will be shown as running only for the mailstore01 server.
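Before restarting rsyslog on the collector, it is worth confirming that the two edits from the procedure above actually took effect, since a line left commented out means the other nodes' messages are silently dropped. The following added example, not part of the original article, checks the text of /etc/rsyslog.conf and /etc/sysconfig/rsyslog for exactly the settings the procedure asks for. The configuration fragments are constructed for the example, not copied from a real host.

```python
import re

# Constructed fragments (not from a real host) of the two files the procedure
# edits, before and after the change.
RSYSLOG_CONF_BEFORE = """\
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
"""
RSYSLOG_CONF_AFTER = """\
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
"""
SYSCONFIG_AFTER = 'SYSLOGD_OPTIONS="-r -c 2"\n'


def active_directives(conf):
    """Directives rsyslog will apply: blank and commented lines are skipped.
    Each directive is returned as its whitespace-split tokens."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        out.append(line.split())
    return out


def udp_port(conf):
    """Port of the first active $UDPServerRun directive, or None."""
    for tokens in active_directives(conf):
        if tokens[0] == "$UDPServerRun" and len(tokens) > 1 and tokens[1].isdigit():
            return int(tokens[1])
    return None


def udp_receiver_enabled(conf):
    """True only when the imudp module is loaded and a listener is started."""
    loaded = ["$ModLoad", "imudp"] in active_directives(conf)
    return loaded and udp_port(conf) is not None


def syslogd_remote_enabled(sysconfig):
    """True when SYSLOGD_OPTIONS contains -r (accept remote messages)."""
    m = re.search(r'^SYSLOGD_OPTIONS="([^"]*)"', sysconfig, re.M)
    return bool(m) and "-r" in m.group(1).split()


def missing_settings(rsyslog_conf, sysconfig):
    """Human-readable list of what the procedure still requires."""
    missing = []
    if ["$ModLoad", "imudp"] not in active_directives(rsyslog_conf):
        missing.append("$ModLoad imudp")
    if udp_port(rsyslog_conf) != 514:
        missing.append("$UDPServerRun 514")
    if not syslogd_remote_enabled(sysconfig):
        missing.append("SYSLOGD_OPTIONS -r")
    return missing


if __name__ == "__main__":
    # On the collector itself, read the real files instead of the samples:
    # open("/etc/rsyslog.conf").read(), open("/etc/sysconfig/rsyslog").read()
    for label, conf in (("before", RSYSLOG_CONF_BEFORE), ("after", RSYSLOG_CONF_AFTER)):
        print(label, "->", missing_settings(conf, SYSCONFIG_AFTER) or "ok")
```

Once the check passes, port 514/udp on the collector accepts messages from any host that can reach it and syslog over UDP carries no authentication, so restrict that port in the host firewall to the addresses of the other Zimbra nodes; otherwise anything on the network can inject lines into the central log.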


Another headache for the administrator can be tracing the log of a particular e-mail. Since e-mails in Zimbra OSE pass through several different stages (antivirus checks, antispam and so on) before being received or sent, it can be very difficult for the administrator, when an e-mail does not arrive, to find out at which stage it was lost.

To solve this problem you can use a special script written by information security specialist Viktor Dukhovny and recommended for use by the Postfix developers. This script collates the log entries belonging to a particular transaction and, thanks to this, lets you quickly display all the entries relating to the delivery of a particular e-mail based on its identifier. It has been tested on all versions of Zimbra OSE from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

# Matches the fixed prefix of a syslog line up to the Postfix instance name
my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

# Matches the "daemon[pid]: " part that follows the instance name
my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;		# per-smtpd-pid: connection log and current queue id
my %smtp;		# per-smtp/lmtp-pid: lines logged before the "to=" line
my %transaction;	# queue id -> collated log text
my $i = 0;
my %seqno;		# queue id -> order of first appearance

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction 
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				# Transaction complete: print it and forget it
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			$transaction{$newid} =
				$_ . $transaction{$newid};
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To run it, save it to a file collate.pl, make it executable, then run it giving it the log file and use pgrep to extract the entries for the identifier of the e-mail you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result is a sequential output of lines with information about the e-mail's passage through the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
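Reading the collated output for one message is easy; reading it for a day's worth of traffic to find the message that never arrived is not. The following added example, which is not part of the original article or of collate.pl, parses lines of the form shown above (timestamp, host, daemon[pid], queue id, key=value fields) into one record per queue id, follows the "queued as" identifier a relay returns, and lists the transactions whose delivery did not end in status=sent or that were never removed from the queue. The sample lines are constructed after the output above; the addresses, hosts and the third, deferred transaction are placeholders.

```python
import re
from collections import OrderedDict

# Constructed collate.pl-style output for three transactions (placeholder
# addresses and hosts, not a real server's log). The third transaction is
# deferred and never removed from the queue: the "message did not arrive" case.
SAMPLE = """\
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=<alice@example.test>
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=<m1@example.test>
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=<alice@example.test>, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.partner.test[192.0.2.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=<bob@partner.test>, relay=mail.partner.test[192.0.2.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed

Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.example.test[192.0.2.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=<m2@example.test>
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=<carol@example.test>, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=<dave@example.test>, orig_to=<dave@example.test>, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed

Oct 13 10:20:31 mail postfix/pickup[4089]: 7A1C0284F52: uid=1034 from=<alice@example.test>
Oct 13 10:20:31 mail postfix/qmgr[9946]: 7A1C0284F52: from=<alice@example.test>, size=900, nrcpt=1 (queue active)
Oct 13 10:20:32 mail postfix/smtp[7516]: 7A1C0284F52: to=<erin@partner.test>, relay=mail.partner.test[192.0.2.4]:25, delay=1.1, delays=0.02/0.01/1/0.07, dsn=4.7.1, status=deferred (host mail.partner.test[192.0.2.4] said: 450 4.7.1 Greylisted, please try later (in reply to RCPT TO command))
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<rest>.*)$")
QID_RE = re.compile(r"^(?P<qid>[0-9A-F]+): (?P<kv>.*)$")
QUEUED_AS_RE = re.compile(r"queued as ([0-9A-Fa-f]+)")


def parse_fields(kv):
    """'a=1, b=2 (note, with comma)' -> {'a': '1', 'b': '2 (note, with comma)'}.
    Splits only at ', key=' so commas inside a status reason are kept."""
    out = {}
    for part in re.split(r",\s(?=\w+=)", kv):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k] = v
    return out


def parse_line(line):
    """One queue-id line -> dict; None for blank, TLS and connect lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    q = QID_RE.match(m["rest"])
    if not q:
        return None
    return {"ts": m["ts"], "daemon": m["daemon"], "qid": q["qid"],
            "fields": parse_fields(q["kv"]), "rest": q["kv"]}


def delivery_trace(text):
    """Per queue id: sender, message-id, every delivery attempt (recipient,
    relay, DSN, status word, downstream queue id) and whether qmgr removed it."""
    trace = OrderedDict()
    for line in text.splitlines():
        e = parse_line(line)
        if not e:
            continue
        t = trace.setdefault(e["qid"], {"from": None, "message_id": None,
                                        "attempts": [], "removed": False})
        f = e["fields"]
        if "from" in f:
            t["from"] = f["from"]
        if "message-id" in f:
            t["message_id"] = f["message-id"]
        if "to" in f:
            status = f.get("status", "")
            nxt = QUEUED_AS_RE.search(status)
            t["attempts"].append({"daemon": e["daemon"], "to": f["to"],
                                  "relay": f.get("relay"), "dsn": f.get("dsn"),
                                  "status": status.split(" ", 1)[0],
                                  "next_qid": nxt.group(1) if nxt else None})
        if e["rest"] == "removed":
            t["removed"] = True
    return trace


def undelivered(text):
    """Queue ids still in the queue or with an attempt that was not 'sent'."""
    return [qid for qid, t in delivery_trace(text).items()
            if not t["removed"] or any(a["status"] != "sent" for a in t["attempts"])]


if __name__ == "__main__":
    # Real use: python3 trace.py < <(./collate.pl /var/log/zimbra.log)
    for qid, t in delivery_trace(SAMPLE).items():
        for a in t["attempts"]:
            print(f"{qid} {t['from']} -> {a['to']} via {a['relay']}: "
                  f"{a['status']} dsn={a['dsn']} next={a['next_qid']}")
    print("not delivered:", undelivered(SAMPLE))
```

The `next_qid` value is the queue id the relay assigned on its side, so for the first transaction the search continues on mail.partner.test with 878833424CF rather than with the local id. In the deferred case the DSN class (4.x.x temporary, 5.x.x permanent) and the reason text in the status field tell you whether the message will be retried or has been rejected outright.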

For all questions relating to Zextras Suite, you can contact the Zextras Representative Ekaterina Triandafilidi by e-mail at [email protected]

Source: www.habr.com