ZCS 8.7.1 and Zmauditswatch Failed after upgrade

MartinsBonders
Posts: 22
Joined: Wed May 18, 2016 8:12 am

Postby MartinsBonders » Sun Jan 01, 2017 8:38 pm

Hello!

I have upgraded from 8.6 to 8.7.1 and now get: Starting auditswatch...failed.
I was using this manual: https://wiki.zimbra.com/wiki/Zmauditswatch

Error: /opt/zimbra/bin/zmauditswatchctl: line 107: /opt/zimbra/libexec/auditswatch: No such file or directory

Does 8.7.1 not support Zmauditswatch?


milauria
Advanced member
Posts: 51
Joined: Mon Aug 15, 2016 12:32 pm

Postby milauria » Thu Jul 13, 2017 2:58 pm

Same here!

Code:

[zimbra@mail root]$ zmauditswatchctl start
Starting auditswatch...failed.


Is this working for anybody?
DualBoot
Outstanding Member
Posts: 719
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Multi servers

Postby DualBoot » Thu Jul 13, 2017 3:26 pm

hello,

Do you plan to upgrade to a higher version? Because I have not encountered this problem so far, including with the latest version.
Or did you look in the log?

Regards,
milauria
Advanced member
Posts: 51
Joined: Mon Aug 15, 2016 12:32 pm

Postby milauria » Fri Jul 14, 2017 12:04 am

I am running Zimbra 8.7.11, which should be the latest, and am just now trying to use zmauditswatch for the first time.

By tailing the zmauditswatch.out I have:

Code:

/opt/zimbra/bin/zmauditswatchctl: line 107: /opt/zimbra/libexec/auditswatch: No such file or directory

Seems to be an outstanding bug since 2016 that still needs to be fixed: https://bugzilla.zimbra.com/show_bug.cgi?id=106053. I tried to implement the patch file included in the bug report and the service is starting; I have not tested yet whether it does what it says.

Implementing zmauditswatch as a startup service is complicated with CentOS 7, as the instructions in the wiki are valid for CentOS 6.
It would be nice if zmauditswatch a) gets fixed in the next Zimbra revision and b) starts automatically with Zimbra without needing to set up startup scripts.

I hope I am not missing anything here ...
milauria
Advanced member
Posts: 51
Joined: Mon Aug 15, 2016 12:32 pm

Postby milauria » Fri Jul 14, 2017 11:36 am

Also it seems zmauditswatch does not send email alerts... per instructions here: https://wiki.zimbra.com/wiki/Zmauditswatch

I have done: "zmlocalconfig -e zimbra_swatch_notice_user=email@domain.com" and then "zmauditswatch restart"

When looking in /opt/zimbra/conf/auditswatchrc I noticed the email address has been inserted with a "/" before the "@domain.com"

Code:

watchfor /\[.*\w+=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3});.*\]\s+.*cmd=.*Auth; account=(.*?);.*error=authentication failed for .*/
        exec /bin/echo "IP:Acct failure threshold exceeded: $1 $2"
        mail addresses=email\@domain.com,subject="ABUSE: IP:Acct threshold exceeded: $1 $2"
        threshold track_by=$1:$2,type=both,count=10,seconds=3600
        continue

Could that be the problem? I have not been able to troubleshoot by tailing the log (I don't know which log to monitor to see if the system is sending the mail).
Any advice to make it work?
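
The threshold rule quoted in the post above, replayed over constructed log lines. This is an added example, not part of the original thread and not Zimbra or swatch code: the log line layout, the addresses and the `alerts`/`sample_line` helpers are assumptions, and the windowing only approximates swatch's `type=both`. It shows that counting is per IP:account pair, so failures from one address against different accounts are counted separately and would need their own rule keyed on the IP alone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern copied from the watchfor line in the post above.
AUTH_FAIL = re.compile(
    r"\[.*\w+=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3});.*\]\s+.*cmd=.*Auth; "
    r"account=(.*?);.*error=authentication failed for .*"
)
COUNT, WINDOW = 10, timedelta(seconds=3600)  # count=10,seconds=3600

def alerts(lines):
    """Return (timestamp, ip, account) for each alert the rule would raise.
    Approximates threshold type=both: alert on the COUNT-th match for a key
    inside one WINDOW, then stay silent for that key until the window ends.
    """
    windows = defaultdict(lambda: [None, 0])  # key -> [window start, hits]
    fired = []
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        key = (m.group(1), m.group(2))  # track_by=$1:$2
        state = windows[key]
        if state[0] is None or ts - state[0] >= WINDOW:
            state[0], state[1] = ts, 0  # start a new window for this key
        state[1] += 1
        if state[1] == COUNT:
            fired.append((ts, *key))
    return fired

def sample_line(ts, ip, account):
    """Constructed failure line; the layout is an assumed audit.log shape."""
    return (f"{ts:%Y-%m-%d %H:%M:%S},000 WARN  [qtp1-1:https://mail.example.com/"
            f"service/soap/AuthRequest] [name={account};oip={ip};ua=constructed/1.0;] "
            f"security - cmd=Auth; account={account}; protocol=soap; "
            f"error=authentication failed for [{account}], invalid password;")

T0 = datetime(2017, 7, 14, 11, 0, 0)
# Constructed input: 12 failures for one pair, then 10 failures from a second IP, one per account.
SAMPLE = [sample_line(T0 + timedelta(minutes=i), "203.0.113.7", "alice@example.com")
          for i in range(12)]
SAMPLE += [sample_line(T0 + timedelta(minutes=i), "198.51.100.9", f"user{i}@example.com")
           for i in range(10)]

if __name__ == "__main__":
    for ts, ip, acct in alerts(SAMPLE):
        print(f"{ts} IP:Acct failure threshold exceeded: {ip} {acct}")
```
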
milauria
Advanced member
Posts: 51
Joined: Mon Aug 15, 2016 12:32 pm

Postby milauria » Fri Jul 14, 2017 4:05 pm

My Zimbra sendmail is misconfigured... I followed this wiki: https://wiki.zimbra.com/wiki/How_to_%22fix%22_system%27s_sendmail_to_use_that_of_zimbra
paying attention to the fact that the links are outdated for Zimbra 8.7.

I created a sendmail alternative for my CentOS 7 MTA and Zimbra 8.7 like this:

Code:

alternatives --install /usr/sbin/sendmail mta /opt/zimbra/common/sbin/sendmail 25 \
       --slave /usr/bin/mailq mta-mailq /opt/zimbra/common/sbin/mailq \
       --slave /usr/bin/newaliases mta-newaliases /opt/zimbra/common/sbin/newaliases \
       --slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/common/share/man/man1/mailq.1 \
       --slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/common/share/man/man1/newaliases.1 \
       --slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/common/share/man/man1/sendmail.1 \
       --slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/common/share/man/man5/aliases.5 \
       --initscript zimbra
alternatives --config mta

I could select the Zimbra sendmail MTA to send emails from scripts and the command line.
Note I left the /usr/sbin/sendmail symbolic link untouched.

Code:

lrwxrwxrwx 1 root root 21 Jul 15 10:21 /usr/sbin/sendmail -> /etc/alternatives/mta

Hope it helps somebody else
johnjeked
Posts: 2
Joined: Thu Aug 24, 2017 1:20 am

Postby johnjeked » Wed Oct 04, 2017 4:23 am

Thanks for this post.

Initially we were unable to even start the service with Zimbra 8.7.

Code:

Starting auditswatch...failed


Which led us to the bug:
https://bugzilla.zimbra.com/show_bug.cgi?id=106053

Attachment:
http://bugzilla-attach.zimbra.com/attachment.cgi?id=66723

Essentially download the attached auditswatch_870 and rename, move, perms, etc
On our machine:

Code:

wget http://bugzilla-attach.zimbra.com/attachment.cgi?id=66723
mv attachment.cgi\?id\=66723 auditswatch
ls /opt/zimbra/libexec/auditswatch
   ls: cannot access /opt/zimbra/libexec/auditswatch: No such file or directory
mv auditswatch  /opt/zimbra/libexec/auditswatch
chown root:root /opt/zimbra/libexec/auditswatch
chmod 0755 /opt/zimbra/libexec/auditswatch


And tried restarting now:

Code:

zmauditswatchctl start
zmauditswatchctl start...done


Then we got some odd errors about not finding a file when trying to send email notification during testing:

Code:

/opt/zimbra/data/tmp/.swatch_script.2721: cannot open pipe to : Broken pipe


Which led me back here again and to the above mentioned link to fix sendmail:
https://wiki.zimbra.com/wiki/How_to_%22fix%22_system%27s_sendmail_to_use_that_of_zimbra


Our steps:
Check if alternative in use

Code:

ls -l /usr/sbin/sendmail
update-alternatives --display mta


Not in use so just added as alternative mta...

Code:

/usr/sbin/alternatives --install /usr/sbin/sendmail mta /opt/zimbra/common/sbin/sendmail 25 \
    --slave /usr/bin/mailq mta-mailq /opt/zimbra/common/sbin/mailq \
    --slave /usr/bin/newaliases mta-newaliases /opt/zimbra/common/sbin/newaliases \
    --slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/common/share/man/man1/mailq.1 \
    --slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/common/share/man/man1/newaliases.1 \
    --slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/common/share/man/man1/sendmail.1 \
    --slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/common/share/man/man5/aliases.5 \
    --initscript zimbra


And we are up and running.

Thanks for the pointers here guys, appreciate it.
jorgedlcruz
Zimbra Alumni
Posts: 2769
Joined: Thu May 22, 2014 4:47 pm

Postby jorgedlcruz » Wed Oct 04, 2017 9:13 am

Hello,
Noted and updated the Wiki, on this section:

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
manumaha
Posts: 4
Joined: Sat Sep 13, 2014 3:22 am

Postby manumaha » Wed Apr 25, 2018 6:09 am

Hi,

Is there a workaround for ZCS 8.7.11 installed on Ubuntu 16.04 64-bit too?
I was able to configure the zmauditswatch utility and it starts without any issues.
Though I am not able to send alert emails through sendmail mta.
Please help.
