ZCS 8.7.1 and Zmauditswatch Failed after upgrade

[MartinsBonders]

Hello!

I have upgrades from 8.6 to 8.7.1 and now Starting auditswatch...failed.
I was using this manual: https://wiki.zimbra.com/wiki/Zmauditswatch

Error: /opt/zimbra/bin/zmauditswatchctl: line 107: /opt/zimbra/libexec/auditswatch: No such file or directory

Is 8.7.1 do not support Zmauditswatch?

[milauria]

Same here !

Code: Select all

[zimbra@mail root]$ zmauditswatchctl start
Starting auditswatch...failed.

Is this working for anybody ?

[DualBoot]

hello,

Do you plan to upgrade to a higher version ? Because I did not encounter this problem till now and with lastest version of version.
Or did you search into the log ?

Regards,

[milauria]

I am running on Zimbra 8.7.11 which should be the latest and just now trying to use zmauditwatch for the first time

By tailing the zmauditswatch.out I have:

Code: Select all

/opt/zimbra/bin/zmauditswatchctl: line 107: /opt/zimbra/libexec/auditswatch: No such file or directory

Seems to be an outstanding bug since 2016 that still needs to be fixed: https://bugzilla.zimbra.com/show_bug.cgi?id=106053. I tried to implement the patch file included in the bug report and the service is starting, did not test yet if it does what it says

Implementation of zmauditswatch as a startup service it's a complicated with Centos7 as the instruction in the wiki are valid for Centos 6
It would be nice if zmauditswatch a) gets fixed in the next zimbra revison b) starts automatically with zimbra without needing to setup startup scripts

I hope I am not missing anything here ...

[milauria]

Also it seems zmauditswatch does not sends email alerts ... per instructions here: https://wiki.zimbra.com/wiki/Zmauditswatch

I have done: "zmlocalconfig -e zimbra_swatch_notice_user=email@domain.com" and then "zmauditswatch restart"

When looking in /opt/zimbra/conf/auditswatchrc I noticed the email address has been inserted with a "/" before the "@domain.com"

Code: Select all

watchfor /\[.*\w+=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3});.*\]\s+.*cmd=.*Auth; account=(.*?);.*error=authentication failed for .*/
        exec /bin/echo "IP:Acct failure threshold exceeded: $1 $2"
        mail addresses=email\@domain.com,subject="ABUSE: IP:Acct threshold exceeded: $1 $2"
        threshold track_by=$1:$2,type=both,count=10,seconds=3600
        continue

Could that be the problem? I have not been able to troubleshoot by tailing the log (I don't know which log to monitor to see if the system is sending the mail)
Any advise to amke it work ?

[milauria]

My zimbra sendmail is misconfigured .... I followed this wiki: https://wiki.zimbra.com/wiki/How_to_%22 ... _of_zimbra
paying attention that the links are outdated for Zimbra 8.7

I created a sendmail alternative for my Centos7 MTA and Zimbra 8.7 like this:

Code: Select all

alternatives --install /usr/sbin/sendmail mta /opt/zimbra/common/sbin/sendmail 25 \
       --slave /usr/bin/mailq mta-mailq /opt/zimbra/common/sbin/mailq \
       --slave /usr/bin/newaliases mta-newaliases /opt/zimbra/common/sbin/newaliases \
       --slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/common/share/man/man1/mailq.1 \
       --slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/common/share/man/man1/newaliases.1 \
       --slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/common/share/man/man1/sendmail.1 \
       --slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/common/share/man/man5/aliases.5 \
       --initscript zimbra
alternatives --config mta

I could select the zimbra sendmail mta to send emails from scripts and command line
Note I left untouched the /usr/sbin/sendmail symbolic link

Code: Select all

lrwxrwxrwx 1 root root 21 Jul 15 10:21 /usr/sbin/sendmail -> /etc/alternatives/mta

Hope it helps somebody else

[johnjeked]

Thanks for this post.

Initially we were unable to even start the service with Zimbra 8.7.

Code: Select all

Starting auditswatch...failed

Which lead us to the bug:
https://bugzilla.zimbra.com/show_bug.cgi?id=106053

Attachment:
http://bugzilla-attach.zimbra.com/attac ... i?id=66723

Essentially download the attached auditswatch_870 and rename, move, perms, etc
On our machine:

Code: Select all

wget http://bugzilla-attach.zimbra.com/attachment.cgi?id=66723
mv attachment.cgi\?id\=66723 auditswatch
ls /opt/zimbra/libexec/auditswatch
	ls: cannot access /opt/zimbra/libexec/auditswatch: No such file or directory
mv auditswatch  /opt/zimbra/libexec/auditswatch
chown root:root /opt/zimbra/libexec/auditswatch
chmod 0755 /opt/zimbra/libexec/auditswatch

And tried restarting now:

Code: Select all

zmauditswatchctl start
zmauditswatchctl start...done

Then we got some odd errors about not finding a file when trying to send email notification during testing:

Code: Select all

/opt/zimbra/data/tmp/.swatch_script.2721: cannot open pipe to : Broken pipe

Which lead me back here again and to the above mentioned link to fix sendmail:
https://wiki.zimbra.com/wiki/How_to_%22 ... _of_zimbra


Our steps:
Check if alernative in use

Code: Select all

ls -l /usr/sbin/sendmail
update-alternatives --display mta

Not in use so just added as alternative mta...

Code: Select all

/usr/sbin/alternatives --install /usr/sbin/sendmail mta /opt/zimbra/common/sbin/sendmail 25 \
 --slave /usr/bin/mailq mta-mailq /opt/zimbra/common/sbin/mailq \
 --slave /usr/bin/newaliases mta-newaliases /opt/zimbra/common/sbin/newaliases \
--slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/common/share/man/man1/mailq.1 \
--slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/common/share/man/man1/newaliases.1 \
--slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/common/share/man/man1/sendmail.1 \
--slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/common/share/man/man5/aliases.5 \
--initscript zimbra

And we are up and running.

Thanks for the pointers here guys appreciate it.

[jorgedlcruz]

Hello,
Noted and updated the Wiki, on this section:

• https://wiki.zimbra.com/wiki/Zmauditswa ... _ZCS_8.7.x

Best regards

[manumaha]

Hi,

Is there a workaround for ZCS 8.7.11 installed on Ubuntu 16.04 64-bit too.
I was able to configure the zmauditswatch utility and it starts without any issues.
Though I am not able to send alert emails through sendmail mta.
Please help.