Difference between revisions of "AppSuite:Log forwarding"

(IMAP)
(IMAP)
Line 11: Line 11:
 
== IMAP ==
 
== IMAP ==
  
  events
+
  '''events'''
     * failed login
+
     * '''failed login'''
 
         * fields
 
         * fields
             * reason for failed login
+
             * '''reason''' for failed login
 +
            * '''user''' – login username
 +
            * method – authentication method
 +
            * '''rip''' – remote client ip
 +
            * TLS – if connection was using tls
 +
            * session – uniqe session id
 +
    * '''succesful login'''
 +
        * fields
 +
            * '''user''' – login username
 +
            * method – authentication method
 +
            * '''rip''' – remote client ip
 +
            * lport – local port connected to
 +
            * TLS – if connection was using tls
 +
            * session – unique session id
 +
    * logout
 +
        * fields
 +
            * disconnect reason
 +
            * in – bytes received
 +
            * out – bytes send
 
             * user – login username
 
             * user – login username
 
             * method – authentication method
 
             * method – authentication method
 
             * rip – remote client ip
 
             * rip – remote client ip
 +
            * lport – local port connected to
 
             * TLS – if connection was using tls
 
             * TLS – if connection was using tls
 
             * session – uniqe session id
 
             * session – uniqe session id
    succesful login
 
        fields
 
            user – login username
 
            method – authentication method
 
            rip – remote client ip
 
            lport – local port connected to
 
            TLS – if connection was using tls
 
            session – unique session id
 
    logout
 
        fields
 
            disconnect reason
 
            in – bytes received
 
            out – bytes send
 
            user – login username
 
            method – authentication method
 
            rip – remote client ip
 
            lport – local port connected to
 
            TLS – if connection was using tls
 
            session – uniqe session id
 

Revision as of 10:36, 11 September 2019

Log Forwarding

Open-Xchange Logs

  • Log items are in plain ASCII line-based format, with data usually in
  • name=value format (no whitespace in values), space-separated.
  • Non-printable ASCII will be escaped to preserve log integrity
  • Dates are output in the format: YYYY-MMDDTHH:MM:SS.mmm+hh:mm (+hh:mm should be expected as 00:00 as systems running with UTC)
  • events and fields in bold should be available with the log delivery workaround (AppSuite logs) all the fields should be available with the log delivery final solution (Dovecot logs)

IMAP

events
   * failed login
       * fields
           * reason for failed login
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * TLS – if connection was using tls
           * session – uniqe session id
   * succesful login
       * fields
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * lport – local port connected to
           * TLS – if connection was using tls
           * session – unique session id
   * logout
       * fields
           * disconnect reason
           * in – bytes received
           * out – bytes send
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * lport – local port connected to
           * TLS – if connection was using tls
           * session – uniqe session id