Hey,
I have to send the logs to an other server and to process the logs there (login origins, logouts, login failures).
The environment:
I planned to use rsyslog to watch the file /var/log/open-xchange/open-xchange.log.0, but rsyslog is not allowed to access the file. Approaches are:
Beside that I recognized that the logs are Java traditional in multiple lines. Is there a way to get relevant logs into a one liner? Here is what I mean:
More easily to parse would be a message like this: "Authentication error on host mail01.network.internal:143 for user xxx, database.schema=oxdatabase_5, grizzly.method=POST, grizzly.remoteAddress=10.x.x.x, grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0, ..." This allows you to parse split it by "," and put it into key-value-pairs.
Last question: I put the open xchange behind a reverse proxy. Therefore, the values of com.openexchange.grizzly.remoteAddress and com.openexchange.login.clientIp are always the same (from the reverse proxy). Is there a way to configure open xchange to try to take the x-forwarded-for IP?
I have to send the logs to an other server and to process the logs there (login origins, logouts, login failures).
The environment:
Code:
Ubuntu 22.04.5 LTS openjdk version "1.8.0_432" OpenJDK Runtime Environment (build 1.8.0_432-8u432-ga~us1-0ubuntu2~22.04-ga) OpenJDK 64-Bit Server VM (build 25.432-bga, mixed mode) ii open-xchange 7.10.6-68 all The Open-Xchange backend ii open-xchange-admin 7.10.6-68 all The Open-Xchange backend administration extension ii open-xchange-appsuite 7.10.6-47 all OX App Suite HTML5 client
- configure open-xchange to set +r to the group (how?) and put rsyslog in the open-xchange group
- configure open-xchange to forward the logs direct to the remote syslog server (how?)
Beside that I recognized that the logs are Java traditional in multiple lines. Is there a way to get relevant logs into a one liner? Here is what I mean:
Code:
root@ox01:~# grep -A25 "Authentication error on host" /var/log/open-xchange/open-xchange.log.0 Authentication error on host mail01.network.internal:143 for user xxx com.openexchange.database.schema=oxdatabase_5 com.openexchange.grizzly.method=POST com.openexchange.grizzly.queryString=<none> com.openexchange.grizzly.remoteAddress=10.x.x.x com.openexchange.grizzly.remotePort=41366 com.openexchange.grizzly.requestURI=/ajax/login com.openexchange.grizzly.serverName=ox.domain.tld com.openexchange.grizzly.servletPath=/ajax/login com.openexchange.grizzly.session=5752644031267405844.OX0 com.openexchange.grizzly.threadName=OXWorker-0031330 com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 com.openexchange.localhost.ipAddress=10.x.x.x com.openexchange.localhost.version=7.10.6-Rev68 com.openexchange.login.authId=2bd7b724a3824eb8a22ba46bf2f42266 com.openexchange.login.client=open-xchange-appsuite com.openexchange.login.clientIp=10.x.x.x com.openexchange.login.login=xxx com.openexchange.login.resolvedLogin=xxx com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 com.openexchange.login.version=7.10.6-47 com.openexchange.request.trackingId=1400638938-700376099 javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] Authentication failed. at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:989) at javax.mail.Service.connect(Service.java:370) at com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:360)
Last question: I put the open xchange behind a reverse proxy. Therefore, the values of com.openexchange.grizzly.remoteAddress and com.openexchange.login.clientIp are always the same (from the reverse proxy). Is there a way to configure open xchange to try to take the x-forwarded-for IP?