Results 1 to 2 of 2

Thread: difference between ua=zclient and ua=ZimbraWebClient?

  1. #1
    Join Date
    May 2008
    Location
    Taiwan
    Posts
    296
    Rep Power
    7

    Default difference between ua=zclient and ua=ZimbraWebClient?

    Dear all,

    on a zimbra 5.0.9 OSS edition, i found this strange behavior in audit.log:

    2010-02-09 05:20:42,076 WARN [btpool0-19491] [ip=xxx.xxx.xxx.xxx;ua=ZimbraWebClient - IE6 (Win)/5.0.9_GA_2533.RHEL4;] security - cmd=Auth; account=xxx@xxxx.xxxx

    and

    2010-02-09 06:37:37,966 INFO [btpool0-19470] [oip=xxx.xxx.xxx.xxx;ua=zclient/5.0.9_GA_2533.RHEL4;] security - cmd=Auth; account=xxx@xxx.xxx

    both log are for same account, thus i'm wondering :

    1) what's the difference between "ip" and "oip" ?

    2) what's the difference between zclient and ZimbraWebClient?
    I found most of webclient login will be logged as "zclient". any idea why "ZimbraWebClient" is there?

    3) why login via "ZimbraWebClient" is marked as WARN? while login via "zclient" is marked as INFO?

    Thanks.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Read the second to last post :- http://www.zimbra.com/forums/adminis...l-spoofed.html may want to check the associated account.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •