How to work with Zimbra OSE logs

Logging every event that occurs is one of the most important functions of any corporate system. Logs let you troubleshoot problems as they arise, audit how information systems are operating, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They cover everything from server performance to the sending and receiving of emails by users. However, reading the logs that Zimbra OSE produces is a non-trivial task. In this article we use a specific example to show how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder; logs can also be found in the /var/log/zimbra.log file. The most important of them is mailbox.log. It records all actions that take place on the mail server, including email transfers, user authentication data, failed login attempts, and others. Entries in mailbox.log are text strings containing the time the event occurred, the event level, the number of the thread in which the event occurred, the user name and IP address, and a text description of the event.

The log level indicates how strongly the event affects the operation of the server. By default there are four event levels: INFO, WARN, ERROR and FATAL. Let's look at all the levels in increasing order of severity.

  • INFO - events at this level are usually intended to report on the progress of Zimbra OSE. Messages at this level include reports about the creation or deletion of a mailbox, and so on.
  • WARN - events at this level report situations that are potentially dangerous but do not affect the operation of the server. For example, the WARN level marks a message about a failed user login attempt.
  • ERROR - this event level reports an error that is local in nature and does not interfere with the operation of the server. This level can mark an error in which the index data of an individual user has been corrupted.
  • FATAL - this level indicates errors because of which the server cannot continue to operate normally. For example, the FATAL level is given to a record indicating that it is impossible to connect to the DBMS.

The mail server log file is rotated daily. The current version of the file is always named mailbox.log, while logs for a particular date have the date in the name and are kept in an archive, for example mailbox.log.2020-09-29.tar.gz. This makes it much easier to back up activity logs and to search through them.

For the system administrator's convenience, the /opt/zimbra/log/ folder contains other logs as well. They include only entries related to specific Zimbra OSE components. For example, audit.log contains only records about user authentication, clamd.log contains data about the operation of the antivirus, and so on. Incidentally, an excellent way to protect a Zimbra OSE server from intruders is to protect it with Fail2Ban, which works precisely on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log to receive daily information about login failures.

Example of how audit.log shows a password entered incorrectly twice followed by a successful login attempt.
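The daily failed-login report described above can also show which account and address each failure came from, and whether a success followed. The following is an added example, not code from the original article or from Zimbra. The sample lines are constructed, and the `oip=`, `account=` and `cmd=Auth` field names are assumptions about the audit.log layout; only the "invalid password" text comes from the article.

```python
import re
from collections import Counter

# Constructed sample (not from a real server). Layout assumed from the article:
# timestamp, level, [thread], [context with user and IP], event description.
SAMPLE = """\
2020-09-29 10:15:31,101 WARN  [qtp1-101:/service/soap/AuthRequest] [name=alice@example.com;oip=192.0.2.10;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 10:15:40,220 WARN  [qtp1-102:/service/soap/AuthRequest] [name=alice@example.com;oip=192.0.2.10;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 10:15:52,410 INFO  [qtp1-103:/service/soap/AuthRequest] [name=alice@example.com;oip=192.0.2.10;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2020-09-29 11:02:09,007 WARN  [qtp1-110:/service/soap/AuthRequest] [name=bob@example.com;oip=198.51.100.7;] security - cmd=Auth; account=bob@example.com; protocol=soap; error=authentication failed for [bob@example.com], invalid password;
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<thread>[^\]]*)\]\s+\[(?P<ctx>[^\]]*)\]\s+(?P<msg>.*)$"
)

def parse(line):
    """Split one audit.log line into its fields; None for non-matching lines."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ctx = dict(kv.split("=", 1) for kv in rec.pop("ctx").split(";") if "=" in kv)
    acct = re.search(r"\baccount=([^;]+);", rec["msg"])
    rec["account"] = acct.group(1) if acct else ctx.get("name")
    rec["ip"] = ctx.get("oip") or ctx.get("ip")
    return rec

def summarize(lines):
    """Return (failures per (account, ip), pairs where a success followed failures)."""
    failures, then_success = Counter(), set()
    for rec in filter(None, map(parse, lines)):
        if "cmd=Auth" not in rec["msg"]:
            continue
        key = (rec["account"], rec["ip"])
        if "invalid password" in rec["msg"].lower():
            failures[key] += 1
        elif "error=" not in rec["msg"] and failures[key]:
            then_success.add(key)  # same account and address got in after failing
    return failures, then_success

if __name__ == "__main__":
    failed, suspicious = summarize(SAMPLE)
    for (account, ip), n in failed.most_common():
        flag = "  <- later succeeded" if (account, ip) in suspicious else ""
        print(f"{n:3d} failed  {account}  from {ip}{flag}")
```
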

Logs in Zimbra OSE can be very useful for identifying the causes of critical failures. At the moment a critical error occurs, the administrator usually has no time to read logs; the server needs to be restored as quickly as possible. Later, however, when the server is back up and producing a large volume of logs, it can be hard to find the needed entry in a large file. To find the error record quickly, it is enough to know the time at which the server was restarted and to find the entry in the logs dated from that time. The entry preceding it will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you identify non-critical failures. For example, to find handler exceptions, you can search for handler exception. Errors raised by handlers are usually accompanied by a stack trace that explains what caused the exception. For mail delivery errors, start your search with the keyword LmtpServer, and to find errors related to the POP or IMAP protocols, you can use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Let's look at a specific example. On September 20, one of the employees sent a virus-infected email to a client. As a result, the data on the client's computer was encrypted. The employee, however, swears that he sent nothing. As part of the investigation of the incident, the company's security service requests from the system administrator the mail server logs for September 20 associated with the user under investigation. Using the timestamp, the system administrator finds the relevant log file, extracts the necessary information and passes it to the security specialists. They, in turn, look through it and find that the IP address from which the email was sent matches the IP address of the user's computer. CCTV footage confirms that the employee was at his workplace when the email was sent. This data was enough to charge him with violating information security rules and dismiss him.

Example of extracting the records about one account from mailbox.log into a separate file.
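The extraction step from the investigation above, written as an added example (not code from the original article or from Zimbra). It keeps stack-trace continuation lines together with their record and matches the account name exactly, two things a plain line-by-line search gets wrong. The sample log is constructed, and the `name=` and `oip=` context keys are assumptions about the mailbox.log layout.

```python
import re

# Constructed mailbox.log sample (not from a real server). The second record has
# a stack trace: continuation lines carry no timestamp and no user context.
SAMPLE = """\
2020-09-20 14:02:11,530 INFO  [qtp1-88:/service/soap/SendMsgRequest] [name=ivanov@example.com;oip=192.0.2.23;] smtp - Sending message: Message-ID=<1.constructed@example.com>
2020-09-20 14:02:12,004 WARN  [qtp1-88:/service/soap/SendMsgRequest] [name=ivanov@example.com;oip=192.0.2.23;] soap - handler exception
com.example.ConstructedException: constructed example
\tat com.example.Handler.handle(Handler.java:1)
2020-09-20 14:02:13,311 INFO  [qtp1-90:/service/soap/AuthRequest] [name=petrov@example.com;oip=192.0.2.40;] security - cmd=Auth; account=petrov@example.com;
2020-09-21 09:00:00,000 INFO  [qtp1-91:/service/soap/NoOpRequest] [name=ivanov@example.com;oip=192.0.2.23;] soap - NoOpRequest
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d) [\d:,]+\s+[A-Z]+\s+\[[^\]]*\]\s+\[([^\]]*)\]")

def records_for(text, account, day):
    """Return complete records (header plus continuation lines) for account on day."""
    out, keep = [], False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new record starts: decide whether it belongs to account/day
            names = [kv[5:] for kv in m.group(2).split(";") if kv.startswith("name=")]
            keep = m.group(1) == day and account in names
            if keep:
                out.append([line])
        elif keep and out:  # stack trace or wrapped text: attach to current record
            out[-1].append(line)
    return ["\n".join(r) for r in out]

def source_ips(records):
    """Distinct oip= values seen in the extracted records."""
    return sorted({ip for r in records for ip in re.findall(r"\boip=([^;\]]+)", r)})

if __name__ == "__main__":
    recs = records_for(SAMPLE, "ivanov@example.com", "2020-09-20")
    print("\n".join(recs))
    print("source addresses:", ", ".join(source_ips(recs)))
```
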

Everything becomes much more complicated with a multi-server infrastructure. Since logs are collected locally, working with them in a multi-server infrastructure is inconvenient, so there is a need to centralize log collection. This can be done by setting up a host to collect logs. There is no particular need to add a dedicated host to the infrastructure; any mail server can act as the log collection node. In our case this will be the Mailstore01 node.

On this server we need to enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the /etc/sysconfig/rsyslog file and set SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything works with the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all the other infrastructure servers (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which logs are sent. To change it, you can likewise enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

You must also enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be recorded on the server you specified, where they can be conveniently viewed. Also, in the Zimbra OSE administrator console, on the screen with server status information, the Logger service will be shown as running only for the mailstore01 server.

Another headache for the administrator can be tracing a specific email. Since emails in Zimbra OSE pass through several different stages at once (scanning by the antivirus, the antispam, and so on) before being accepted or sent, if an email does not arrive it can be quite difficult for the administrator to trace at which stage it was lost.

To solve this problem, you can use a special script developed by information security specialist Viktor Dukhovny and recommended for use by the Postfix developers. The script collates log entries for a particular process and, thanks to this, lets you quickly display all entries associated with the sending of a particular email, based on its identifier. It has been tested on all versions of Zimbra OSE starting from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;		# per-pid smtpd(8) session log and current queue ID
my %smtp;		# per-pid pre-delivery lines of smtp(8)/lmtp(8)
my %transaction;	# collected log text, keyed by "instance/queue-id"
my $i = 0;
my %seqno;		# order in which transactions were first seen

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction 
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				# Message left the queue: print the finished
				# transaction followed by a blank line
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			# The notification's own log may not exist yet
			$transaction{$newid} =
				$_ . ($transaction{$newid} // "");
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To run it, save it to a file named collate.pl, make it executable, then run it with the log file as an argument and use pgrep to pick out the identifying information of the email you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result is a sequential listing of lines with information about the email's movement on the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed
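To answer the question of the stage at which an email was lost, the collated output can be reduced to one summary per transaction. The following is an added example, not part of the original article or of the collate script. It assumes the blank-line-separated blocks the script prints, and the sample input, addresses and queue IDs are constructed.

```python
import re

# Constructed collate.pl-style output (not from a real server): one block per
# transaction, blocks separated by a blank line.
COLLATED = """\
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=<alice@example.com>
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=<m1@example.com>
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=<alice@example.com>, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=<bob@example.net>, relay=mx.example.net[192.0.2.4]:25, delay=0.25, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed

Oct 13 10:20:00 mail postfix/pickup[4089]: 5AA25395A56: uid=1034 from=<alice@example.com>
Oct 13 10:20:00 mail postfix/cleanup[26776]: 5AA25395A56: message-id=<m2@example.com>
Oct 13 10:20:00 mail postfix/qmgr[9946]: 5AA25395A56: from=<alice@example.com>, size=900, nrcpt=1 (queue active)
Oct 13 10:20:30 mail postfix/smtp[7520]: 5AA25395A56: to=<carol@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.9]:25: Connection timed out)
"""

DELIVERY = re.compile(
    r"postfix(?:-[^/\s]+)?/(?P<agent>[\w/]+)\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>,"
    r".*?\brelay=(?P<relay>[^,]+),.*?\bdsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def trace(collated, needle):
    """For every transaction block containing needle, list its delivery attempts."""
    report = []
    for block in re.split(r"\n\s*\n", collated.strip()):
        if needle not in block:
            continue
        hops = [m.groupdict() for m in map(DELIVERY.search, block.splitlines()) if m]
        qid = re.search(r"\]: (\w+): ", block)
        report.append({
            "qid": qid.group(1) if qid else None,
            "hops": [(h["agent"], h["rcpt"], h["relay"], h["dsn"], h["status"]) for h in hops],
            "left_queue": bool(re.search(r": removed$", block, re.M)),
        })
    return report

def undelivered(report):
    """Transactions still queued or with any attempt that did not end in status=sent."""
    return [t for t in report
            if not t["left_queue"] or any(h[4] != "sent" for h in t["hops"])]

if __name__ == "__main__":
    for t in undelivered(trace(COLLATED, "<alice@example.com>")):
        print(t["qid"], t["hops"])
```
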

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email at [email protected]

source: www.habr.com