AppSuite:Log forwarding: Difference between revisions

From Open-Xchange
Line 12: Line 12:


  events
  events
     failed login
     * failed login
         fields
         * fields
             reason for failed login
             * reason for failed login
             user – login username
             * user – login username
             method – authentication method
             * method – authentication method
             rip – remote client ip
             * rip – remote client ip
             TLS – if connection was using tls
             * TLS – if connection was using tls
             session – uniqe session id
             * session – uniqe session id
     succesful login
     succesful login
         fields
         fields

Revision as of 10:34, 11 September 2019

Log Forwarding

Open-Xchange Logs

  • Log items are in plain ASCII line-based format, with data usually in
  • name=value format (no whitespace in values), space-separated.
  • Non-printable ASCII will be escaped to preserve log integrity
  • Dates are output in the format: YYYY-MMDDTHH:MM:SS.mmm+hh:mm (+hh:mm should be expected as 00:00 as systems running with UTC)
  • events and fields in bold should be available with the log delivery workaround (AppSuite logs) all the fields should be available with the log delivery final solution (Dovecot logs)

IMAP

events
   * failed login
       * fields
           * reason for failed login
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * TLS – if connection was using tls
           * session – uniqe session id
   succesful login
       fields
           user – login username
           method – authentication method
           rip – remote client ip
           lport – local port connected to
           TLS – if connection was using tls
           session – unique session id
   logout
       fields
           disconnect reason
           in – bytes received
           out – bytes send
           user – login username
           method – authentication method
           rip – remote client ip
           lport – local port connected to
           TLS – if connection was using tls
           session – uniqe session id