I have one account that is under attack from someone trying to log in to it.
The system is working great and setting the account to 'locked out' but I need to find out where the attacker is so I can firewall them.
I looked in the /var/log/auth.log file and I see the attempts but it does not show the person's IP address.
What log shows the IP used to try to log in to an account?
Where is the log showing IPs of access attempts?
Check /opt/zimbra/log/audit.log. If you're using Zimbra's proxy servers in a multi-server environment, you'll have to check /opt/zimbra/log/nginx.log
If it's an SMTP transaction, you'll have to check /var/log/maillog on one of your MTAs.
If you have the proxy/SMTP servers behind a load balancer - then you may have issues tracking the IP down...
Thanks, I know it is a Monday now.
I was looking in /var/log not /opt/zimbra/log/
Ok one more question.
I am now able to watch everyone as they log in with their clients, however if they log on the web portal to get their mail it is only showing the IP of the Zimbra server. I do not see any logs for Apache. Is there a different file I can look into to see what IP they are using to try to log in on the web site?
As mentioned in my last post:
If you're using Zimbra's proxy servers in a multi-server environment, you'll have to check /opt/zimbra/log/nginx.log
Even if you're not in a multi-server environment, if you installed the Zimbra proxy, then it will pass through there first.
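As an added example (not code from anyone in this thread), one way to tally failed logins against a single account by source IP from /opt/zimbra/log/audit.log, so the noisy addresses can be firewalled. The line layout, the `ip`/`oip` field names and the sample lines are assumptions constructed for illustration; check them against your own log.

```python
import re
from collections import Counter

# Constructed sample lines. The layout is an assumption about audit.log
# (bracketed ip=/oip= context, then "account=...; ... error=authentication
# failed"); compare it with your own file before relying on the patterns.
SAMPLE = """\
2024-01-08 09:14:02,113 WARN  [ImapServer-4] [ip=203.0.113.45;] security - cmd=Auth; account=victim@example.com; protocol=imap; error=authentication failed for [victim@example.com], invalid password;
2024-01-08 09:14:05,870 WARN  [ImapServer-4] [ip=203.0.113.45;] security - cmd=Auth; account=victim@example.com; protocol=imap; error=authentication failed for [victim@example.com], invalid password;
2024-01-08 09:15:40,002 WARN  [qtp1-77] [name=victim@example.com;oip=198.51.100.7;ua=ZimbraWebClient;ip=10.0.0.5;] security - cmd=Auth; account=victim@example.com; protocol=soap; error=authentication failed for [victim@example.com], invalid password;
2024-01-08 09:16:11,459 INFO  [ImapServer-9] [ip=192.0.2.10;] security - cmd=Auth; account=alice@example.com; protocol=imap;
2024-01-08 09:17:30,221 WARN  [Pop3Server-2] [ip=192.0.2.99;] security - cmd=Auth; account=bob@example.com; protocol=pop3; error=authentication failed for [bob@example.com], invalid password;
"""

CONTEXT = re.compile(r"\[((?:\w+=[^;\]]*;)+)\]")   # e.g. [oip=...;ip=...;]
ACCOUNT = re.compile(r"\baccount=([^;]+);")


def source_ip(line):
    """Return the client address of one log line, or None if it has none."""
    m = CONTEXT.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(1).rstrip(";").split(";"))
    # Assumption: when a proxy or the web front end relays the login, "ip" is
    # the relaying server and "oip" carries the originating client address.
    return fields.get("oip") or fields.get("ip")


def failed_logins_by_ip(lines, account):
    """Count failed authentications for one account, keyed by source IP."""
    counts = Counter()
    for line in lines:
        if "authentication failed" not in line:
            continue
        acct = ACCOUNT.search(line)
        ip = source_ip(line)
        if acct and ip and acct.group(1).lower() == account.lower():
            counts[ip] += 1
    return counts


if __name__ == "__main__":
    # Swap SAMPLE.splitlines() for open("/opt/zimbra/log/audit.log").
    for ip, n in failed_logins_by_ip(SAMPLE.splitlines(), "victim@example.com").most_common():
        print(f"{n:5d}  {ip}")
```

If every hit resolves to one of your own servers, the address was rewritten upstream (proxy or load balancer) and the count has to be taken from that device's log instead.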