AppSuite:Log forwarding: Difference between revisions

From Open-Xchange
No edit summary
No edit summary
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Log Forwarding =
= Log Forwarding =
For customers using OX as a Service (Managed) or OX App Suite Cloud, Open-Xchange provides highly restricted and TLS-encrypted access to a filtered logstream for customer’s internal purposes.


== Open-Xchange Logs ==
== Open-Xchange Logs ==
Line 11: Line 13:
== IMAP ==
== IMAP ==


  events
  '''events'''
    * '''failed login'''
        * fields
            * '''reason''' for failed login
            * '''user''' – login username
            * method – authentication method
            * '''rip''' – remote client ip
            * TLS – if connection was using tls
            * session – uniqe session id
    * '''succesful login'''
        * fields
            * '''user''' – login username
            * method – authentication method
            * '''rip''' – remote client ip
            * lport – local port connected to
            * TLS – if connection was using tls
            * session – unique session id
    * logout
        * fields
            * disconnect reason
            * in – bytes received
            * out – bytes send
            * user – login username
            * method – authentication method
            * rip – remote client ip
            * lport – local port connected to
            * TLS – if connection was using tls
            * session – uniqe session id
 
== POP3 ==
'''events'''
    * '''failed login'''
        * fields
            * reason for failed login
            * '''user''' – login username
            * method – authentication method
            * '''rip''' – remote client ip
            * TLS – if connection was using tls
            * session – uniqe session id
    * '''successful login'''
        * fields
            * '''user''' – login username
            * method – authentication method
            * '''rip''' – remote client ip
            * TLS – if connection was using tls
            * session – unique session id
    * logout
        * fields
            * disconnect reason
            * in – bytes received
            * out – bytes sent
            * user – login username
            * method – authentication method
            * rip – remote ip
            * TLS – if connection was using tls
            * session – unique session id
 
== SMTP ==
 
'''events'''
    * '''failed login'''
        * fields
            * disconnect reason
            * '''user''' – login username
            * method – authentication method
            * '''rip''' – remote ip
            * TLS – if connection was using tls
            * session – unique session id
    * '''login'''
        * fields
            * '''user''' – login username
            * method – authentication method
            * '''rip''' – remote ip
            * TLS – if connection was using tls
            * session – unique session id
    * '''mail sent'''
        * '''fields'''
            * '''queue ID'''
            * '''message-id'''
            * '''from – envelope from'''
            * '''size'''
            * '''nrcpt – number of recipients'''
            * '''to – recipient'''
            * '''relay – receiving server'''
            * '''status – status of message'''
            * '''remote answer'''
            * '''delays'''
            * '''remove – when message was removed from queue'''
    * logout
        * fields
            * disconnect reason
            * in – bytes received
            * out – bytes sent
            * user – login username
            * method – authentication method
            * rip – remote ip
            * TLS – if connection was using tls
            * session – unique session id
== HTTP ==


     failed login
'''events'''
         fields
     * failed login
             reason for failed login
         * fields
             user – login username
             * failed reason
             method authentication method
            * openexchange.grizzly.remoteAddress – client ip
             rip remote client ip
            * openexchange.grizzly.serverName – hostname
             TLS if connection was using tls
            * openexchange.grizzly.userAgent – User
             session uniqe session id
            * openexchange.login.client – login client
    succesful login
             * openexchange.login.login – login username
        fields
    * login
             user – login username
        * fields
             method authentication method
             * Login username
             rip remote client ip
             * IP – client ip
             lport local port connected to
             * AuthID auth id
             TLS if connection was using tls
             * Agent user Agent
             session unique session id
            * Client – login client
     logout
            * Context – internal context id
        fields
             * User – internal user id in context
             disconnect reason
            * Session session Id
             in bytes received
             * Random random
             out bytes send
             * openexchange.grizzly.remoteAddress – client ip
            user – login username
             * openexchange.grizzly.serverName hostname
             method authentication method
             * openexchange.grizzly.userAgent User
             rip remote client ip
             * openexchange.login.client – login client
             lport – local port connected to
            * openexchange.login.login login username
            TLS if connection was using tls
     * logout
             session uniqe session id
        * fields
             * Logout – fixed word
             * Context internal context id
             * User internal user id
             * Session session id
             * openexchange.grizzly.remoteAddress – client ip
             * openexchange.grizzly.serverName hostname
             * openexchange.grizzly.userAgent User

Latest revision as of 10:49, 11 September 2019

Log Forwarding

For customers using OX as a Service (Managed) or OX App Suite Cloud, Open-Xchange provides highly restricted and TLS-encrypted access to a filtered logstream for customer’s internal purposes.

Open-Xchange Logs

  • Log items are in plain ASCII line-based format, with data usually in
  • name=value format (no whitespace in values), space-separated.
  • Non-printable ASCII will be escaped to preserve log integrity
  • Dates are output in the format: YYYY-MMDDTHH:MM:SS.mmm+hh:mm (+hh:mm should be expected as 00:00 as systems running with UTC)
  • events and fields in bold should be available with the log delivery workaround (AppSuite logs) all the fields should be available with the log delivery final solution (Dovecot logs)

IMAP

events
   * failed login
       * fields
           * reason for failed login
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * TLS – if connection was using tls
           * session – uniqe session id
   * succesful login
       * fields
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * lport – local port connected to
           * TLS – if connection was using tls
           * session – unique session id
   * logout
       * fields
           * disconnect reason
           * in – bytes received
           * out – bytes send
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * lport – local port connected to
           * TLS – if connection was using tls
           * session – uniqe session id

POP3

events
   * failed login
       * fields
           * reason for failed login
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * TLS – if connection was using tls
           * session – uniqe session id
   * successful login
       * fields
           * user – login username
           * method – authentication method
           * rip – remote client ip
           * TLS – if connection was using tls
           * session – unique session id
   * logout
       * fields
           * disconnect reason
           * in – bytes received
           * out – bytes sent
           * user – login username
           * method – authentication method
           * rip – remote ip
           * TLS – if connection was using tls
           * session – unique session id

SMTP

events
   * failed login
       * fields
           * disconnect reason
           * user – login username
           * method – authentication method
           * rip – remote ip
           * TLS – if connection was using tls
           * session – unique session id
   * login
       * fields
           * user – login username
           * method – authentication method
           * rip – remote ip
           * TLS – if connection was using tls
           * session – unique session id
   * mail sent
       * fields
           * queue ID
           * message-id
           * from – envelope from
           * size
           * nrcpt – number of recipients
           * to – recipient
           * relay – receiving server
           * status – status of message
           * remote answer
           * delays
           * remove – when message was removed from queue
   * logout
       * fields
           * disconnect reason
           * in – bytes received
           * out – bytes sent
           * user – login username
           * method – authentication method
           * rip – remote ip
           * TLS – if connection was using tls
           * session – unique session id

HTTP

events
   * failed login
       * fields
           * failed reason
           * openexchange.grizzly.remoteAddress – client ip
           * openexchange.grizzly.serverName – hostname
           * openexchange.grizzly.userAgent – User
           * openexchange.login.client – login client
           * openexchange.login.login – login username
   * login
        * fields
           * Login – username
           * IP – client ip
           * AuthID – auth id
           * Agent – user Agent
           * Client – login client
           * Context – internal context id
           * User – internal user id in context
           * Session – session Id
           * Random – random
           * openexchange.grizzly.remoteAddress – client ip
           * openexchange.grizzly.serverName – hostname
           * openexchange.grizzly.userAgent – User
           * openexchange.login.client – login client
           * openexchange.login.login – login username
   * logout
        * fields
           * Logout – fixed word
           * Context – internal context id
           * User – internal user id
           * Session – session id
           * openexchange.grizzly.remoteAddress – client ip
           * openexchange.grizzly.serverName – hostname
           * openexchange.grizzly.userAgent – User