Announcement

Collapse
No announcement yet.

Send OX logs to Syslog server

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Send OX logs to Syslog server

    Hey,

    I have to send the logs to an other server and to process the logs there (login origins, logouts, login failures).

    The environment:
    Code:
    Ubuntu 22.04.5 LTS
    openjdk version "1.8.0_432"
    OpenJDK Runtime Environment (build 1.8.0_432-8u432-ga~us1-0ubuntu2~22.04-ga)
    OpenJDK 64-Bit Server VM (build 25.432-bga, mixed mode)
    ii  open-xchange                           7.10.6-68                               all          The Open-Xchange backend
    ii  open-xchange-admin                     7.10.6-68                               all          The Open-Xchange backend administration extension
    ii  open-xchange-appsuite                  7.10.6-47                               all          OX App Suite HTML5 client
    I planned to use rsyslog to watch the file /var/log/open-xchange/open-xchange.log.0, but rsyslog is not allowed to access the file. Approaches are:
    • configure open-xchange to set +r to the group (how?) and put rsyslog in the open-xchange group
    • configure open-xchange to forward the logs direct to the remote syslog server (how?)

    Beside that I recognized that the logs are Java traditional in multiple lines. Is there a way to get relevant logs into a one liner? Here is what I mean:

    Code:
    root@ox01:~# grep -A25 "Authentication error on host" /var/log/open-xchange/open-xchange.log.0
    Authentication error on host mail01.network.internal:143 for user xxx
     com.openexchange.database.schema=oxdatabase_5
     com.openexchange.grizzly.method=POST
     com.openexchange.grizzly.queryString=<none>
     com.openexchange.grizzly.remoteAddress=10.x.x.x
     com.openexchange.grizzly.remotePort=41366
     com.openexchange.grizzly.requestURI=/ajax/login
     com.openexchange.grizzly.serverName=ox.domain.tld
     com.openexchange.grizzly.servletPath=/ajax/login
     com.openexchange.grizzly.session=5752644031267405844.OX0
     com.openexchange.grizzly.threadName=OXWorker-0031330
     com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0
     com.openexchange.localhost.ipAddress=10.x.x.x
     com.openexchange.localhost.version=7.10.6-Rev68
     com.openexchange.login.authId=2bd7b724a3824eb8a22ba46bf2f42266
     com.openexchange.login.client=open-xchange-appsuite
     com.openexchange.login.clientIp=10.x.x.x
     com.openexchange.login.login=xxx
     com.openexchange.login.resolvedLogin=xxx
     com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0
     com.openexchange.login.version=7.10.6-47
     com.openexchange.request.trackingId=1400638938-700376099
    javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] Authentication failed.
        at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:989)
        at javax.mail.Service.connect(Service.java:370)
        at com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:360)​
    More easily to parse would be a message like this: "Authentication error on host mail01.network.internal:143 for user xxx, database.schema=oxdatabase_5, grizzly.method=POST, grizzly.remoteAddress=10.x.x.x, grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0, ..." This allows you to parse split it by "," and put it into key-value-pairs.

    Last question: I put the open xchange behind a reverse proxy. Therefore, the values of com.openexchange.grizzly.remoteAddress and com.openexchange.login.clientIp are always the same (from the reverse proxy). Is there a way to configure open xchange to try to take the x-forwarded-for IP?
Working...
X