How to work with Zimbra OSE logs

Logging every event that takes place is one of the most important functions of any corporate system. Logs let you resolve problems as they arise, audit how information systems are operating, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its own operation. They cover everything from server performance to the sending and receiving of emails by users. However, reading the logs generated by Zimbra OSE is a non-trivial task. In this article, using a specific example, we will explain how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder, and logs can also be found in the file /var/log/zimbra.log. The most important of these is mailbox.log. It records all actions that take place on the mail server. These include the delivery of emails, user authentication data, failed login attempts, and others. An entry in mailbox.log is a text line containing the time at which the event occurred, the event level, the number of the thread in which the event occurred, the user name and IP address, and a text description of the event.


The log level indicates how strongly the event affects the operation of the server. By default there are 4 event levels: INFO, WARN, ERROR and FATAL. Let's look at all of the levels in order of increasing severity.

  • INFO - events at this level are usually intended to report on the progress of Zimbra OSE. Messages at this level include reports on the creation or deletion of a mailbox, and so on.
  • WARN - events at this level report situations that are potentially dangerous but do not affect the operation of the server. For example, the WARN level marks a message about a failed user login attempt.
  • ERROR - this event level in the log reports an error that is local in nature and does not interfere with the operation of the server. This level can mark an error in which an individual user's index data has been corrupted.
  • FATAL - this level marks errors because of which the server cannot continue to operate normally. For example, the FATAL level will be given to a record indicating that it is impossible to connect to the DBMS.

The mail server log file is rotated every day. The latest version of the file always has the name mailbox.log, while the logs for a particular date have the date in their name and are kept in an archive. For example, mailbox.log.2020-09-29.tar.gz. This makes it much easier to back up activity logs and to search through logs.

For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs as well. They include only the entries that relate to specific Zimbra OSE components. For example, audit.log contains only records about user authentication, clamd.log contains data about the operation of the antivirus, and so on. By the way, an excellent way to protect a Zimbra OSE server from intruders is to protect the server with Fail2Ban, which works precisely on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log to receive information about failed logins every day.

An example of how audit.log shows a password entered incorrectly twice and a successful login attempt.
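The daily grep over audit.log can be turned into a per-account, per-address summary that is easier to review than raw lines. The following is an added example, not part of the original article or of Zimbra: the function names, the sample entries and the assumed line layout (a bracketed context with name=, oip= or ip=, followed by account= and the text "invalid password") are illustrative.

```shell
#!/bin/sh
# Added example: summarise failed logins recorded in a Zimbra audit.log.

# Constructed sample in the assumed audit.log layout (not real log data):
# two wrong passwords followed by a successful login, plus one IMAP failure.
sample_audit_log() {
    cat <<'EOF'
2020-09-29 10:15:01,101 WARN  [qtp1-11] [name=alice@example.com;oip=192.0.2.10;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 10:15:09,442 WARN  [qtp1-12] [name=alice@example.com;oip=192.0.2.10;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 10:15:20,007 INFO  [qtp1-13] [name=alice@example.com;oip=192.0.2.10;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2020-09-29 11:02:44,310 WARN  [ImapServer-3] [name=bob@example.com;ip=198.51.100.7;] security - cmd=Auth; account=bob@example.com; protocol=imap; error=authentication failed for [bob@example.com], invalid password;
EOF
}

# failed_logins [FILE] [MIN]
# Reads FILE (or stdin when FILE is "-" or omitted) and prints
# "COUNT ACCOUNT IP" for every account/address pair with at least MIN
# (default 2) "invalid password" entries, highest count first.
failed_logins() {
    awk -v min="${2:-2}" '
        tolower($0) ~ /invalid password/ {
            acct = "-"; ip = "-"
            if (match($0, /account=[^;]+/))
                acct = substr($0, RSTART + 8, RLENGTH - 8)
            # Prefer oip= (originating client); fall back to ip=.
            if (match($0, /oip=[^;]+/) || match($0, /[^o]ip=[^;]+/))
                ip = substr($0, RSTART + 4, RLENGTH - 4)
            n[acct " " ip]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' "${1:--}" | sort -k1,1nr -k2
}

# Stand-alone demonstration on the constructed sample.
sample_audit_log | failed_logins - 2
```

In a cron job the same function would be pointed at /opt/zimbra/log/audit.log instead of the sample.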

Logs in Zimbra OSE can be very useful for identifying the causes of critical failures. At the moment a critical failure occurs, the administrator usually has no time to read logs. The server has to be restored as quickly as possible. Later, however, when the server is back up and generating a large volume of logs, it can be hard to find the required entry in a large file. To find the error record quickly, it is enough to know the time at which the server was restarted and to find the entry in the logs that dates from that time. The entry before it will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you identify non-critical failures. For example, to find handler exceptions, you can search for the keyword exception. Errors generated by handlers are often accompanied by a stack trace that explains what caused the exception. For mail delivery errors, start your search with the keyword LmtpServer, and to search for errors related to the POP or IMAP protocols you can use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Let's look at a specific example. On September 20, one of the employees sent a letter containing a virus to a customer. As a result, the data on the customer's computer was encrypted. However, the employee swears that he did not send anything. As part of the investigation of the incident, the company's security service asks the system administrator for the mail server logs for September 20 that relate to the user under investigation. Thanks to the timestamp, the system administrator finds the required log file, extracts the necessary information and passes it to the security specialists. They, in turn, look through it and find that the IP address from which the letter was sent matches the IP address of the user's computer. CCTV footage confirmed that the employee was at his workplace at the time the letter was sent. This data was enough to charge him with violating information security rules and to dismiss him.

An example of extracting the records about one of the accounts from the mailbox.log log into a separate file
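The extraction described above can be scripted so that it matches the account exactly, keeps stack-trace lines attached to their entry, and lists the source addresses seen for that day. This is an added example, not taken from the original article: the function names and sample entries are constructed, and the entry layout (timestamp first, then a bracketed context containing name= and ip= or oip=) is an assumption.

```shell
#!/bin/sh
# Added example: pull one account's entries for one day out of mailbox.log.

# Constructed sample in the assumed mailbox.log layout (not real log data).
sample_mailbox_log() {
    cat <<'EOF'
2020-09-19 23:59:58,900 INFO  [qtp1-18] [name=alice@example.com;mid=7;oip=192.0.2.10;] soap - NoOpRequest elapsed=1
2020-09-20 14:03:11,512 INFO  [qtp1-20] [name=alice@example.com;mid=7;oip=192.0.2.10;] soap - SendMsgRequest elapsed=120
2020-09-20 14:03:12,001 INFO  [qtp1-21] [name=malice@example.com;mid=9;oip=198.51.100.7;] soap - SearchRequest elapsed=8
2020-09-20 14:05:40,377 WARN  [qtp1-22] [name=alice@example.com;mid=7;oip=192.0.2.10;] mailbox - operation failed
java.lang.IllegalStateException: constructed example
    at com.example.Demo.run(Demo.java:1)
2020-09-20 14:06:02,118 INFO  [ImapServer-3] [name=alice@example.com;mid=7;ip=203.0.113.5;] imap - LOGIN
EOF
}

# account_entries ACCOUNT YYYY-MM-DD [FILE]
# Prints every entry of that day whose context names ACCOUNT exactly.
account_entries() {
    awk -v acct="$1" -v day="$2" '
        # A new entry starts with a timestamp; any other line (such as a
        # stack trace) continues the previous entry and shares its fate.
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
            keep = (substr($0, 1, 10) == day &&
                    (index($0, "[name=" acct ";") || index($0, ";name=" acct ";")))
        }
        keep
    ' "${3:--}"
}

# source_ips: reads entries on stdin, prints "COUNT IP" per source address.
source_ips() {
    awk '
        /^[0-9][0-9][0-9][0-9]-/ {
            if (match($0, /oip=[^;]+/) || match($0, /[^o]ip=[^;]+/))
                n[substr($0, RSTART + 4, RLENGTH - 4)]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2
}

# Stand-alone demonstration on the constructed sample.
sample_mailbox_log | account_entries alice@example.com 2020-09-20 | source_ips
```

Redirecting the output of account_entries to a file gives the separate per-account log that is handed to the security team.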

Everything becomes more complicated when it comes to multi-server infrastructures. Because logs are collected locally, working with them in a multi-server infrastructure is very inconvenient, and so there is a need to centralize log collection. This can be done by setting up a host that collects the logs. There is no particular need to add a dedicated host to the infrastructure. Any mail server can act as the log collection node. In our case, this will be the Mailstore01 node.

On this server we need to enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the file /etc/sysconfig/rsyslog and set SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything works with the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all the other servers of the infrastructure (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which the logs are sent. To change it, you can likewise enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru

You need to enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be written to the server you specified, where they can be viewed conveniently. Also, in the Zimbra OSE administrator console, on the screen with information about server status, the running Logger service will be shown only for the mailstore01 server.


Another headache for the administrator can be tracing a particular email. Because emails in Zimbra OSE pass through several different stages (scanning by the antivirus, the antispam, and so on) before they are accepted or sent, it can be quite difficult for the administrator, when an email does not arrive, to trace the stage at which it was lost.

To solve this problem, you can use a special script that was developed by the information security specialist Viktor Dukhovny and is recommended for use by the Postfix developers. This script collates the entries from the logs for a particular process and, thanks to this, lets you quickly display all the entries related to the sending of a particular message on the basis of its identifier. Its operation has been tested on all versions of Zimbra OSE, starting from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;		# per-pid smtpd(8) session log and current queue id
my %smtp;		# per-pid pre-delivery lines from smtp(8)/lmtp(8)
my %transaction;	# collected log text, keyed by "instance/queue-id"
my $i = 0;
my %seqno;		# order in which each transaction was first seen

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction 
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			$transaction{$newid} =
				$_ . $transaction{$newid};
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To run it, save it in the file collate.pl, make it executable, and then run it, specifying the log file and using pgrep to extract the identifying information of the message you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. collate.pl prints each transaction as a block of lines followed by an empty line, so the filter after the pipe has to match whole blank-line-separated blocks. The result will be sequential output of the lines that contain information about the movement of the message on the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email [email protected]

Source: www.habr.com