AppSuite:Log forwarding: Difference between revisions
From Open-Xchange
(→IMAP) |
(→IMAP) |
||
| Line 12: | Line 12: | ||
events | events | ||
failed login | * failed login | ||
fields | * fields | ||
reason for failed login | * reason for failed login | ||
user – login username | * user – login username | ||
method – authentication method | * method – authentication method | ||
rip – remote client ip | * rip – remote client ip | ||
TLS – if connection was using tls | * TLS – if connection was using tls | ||
session – uniqe session id | * session – uniqe session id | ||
succesful login | succesful login | ||
fields | fields | ||
Revision as of 10:34, 11 September 2019
Log Forwarding
Open-Xchange Logs
- Log items are in plain ASCII line-based format, with data usually in
- name=value format (no whitespace in values), space-separated.
- Non-printable ASCII will be escaped to preserve log integrity
- Dates are output in the format: YYYY-MMDDTHH:MM:SS.mmm+hh:mm (+hh:mm should be expected as 00:00 as systems running with UTC)
- events and fields in bold should be available with the log delivery workaround (AppSuite logs) all the fields should be available with the log delivery final solution (Dovecot logs)
IMAP
events
* failed login
* fields
* reason for failed login
* user – login username
* method – authentication method
* rip – remote client ip
* TLS – if connection was using tls
* session – uniqe session id
succesful login
fields
user – login username
method – authentication method
rip – remote client ip
lport – local port connected to
TLS – if connection was using tls
session – unique session id
logout
fields
disconnect reason
in – bytes received
out – bytes send
user – login username
method – authentication method
rip – remote client ip
lport – local port connected to
TLS – if connection was using tls
session – uniqe session id