Results 1 to 3 of 3

Thread: Audit log in Zimbra 8.0.4 has a strange record

  1. #1
    minhuc is offline Starter Member
    Join Date
    Mar 2014
    Posts
    2
    Rep Power
    1

    Post Audit log in Zimbra 8.0.4 has a strange record

    I think my user email account being hacked then i read my audit log. I see something like:
    2014-03-27 17:45:14,696 INFO [qtp820657724-766419:https://myip:7071/service/admin/soap/] [name=my account;ip=my ip;] security - cmd=Auth; account=my account; protocol=soap;

    But i asked my user, they say they never login webmail to check mail ???

    Are my user account being hacked ?

    Please help me find the answer. thanks in advance

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,490
    Rep Power
    56

    Default

    What you should do is search the forums for answer before you post, security questions and 'hacking' or compromised account questions have been asked and answered in the forums (that goes for most topics). You should also update your current ZCS version immediately because of this and you should read the threads in that link.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    minhuc is offline Starter Member
    Join Date
    Mar 2014
    Posts
    2
    Rep Power
    1

    Default

    hi phoenix,
    I also search log format in zimbra audit log to know the information in this record log:
    2014-03-27 17:45:14,696 INFO [qtp820657724-766419:https://myip:7071/service/admin/soap/] [name=my account;ip=my ip;] security - cmd=Auth; account=my account; protocol=soap;
    before i post a new topic. I don't understand the information that the above log row contain ! I think that log record mean my user access webmail on 2014-03-27 17:45:14 and i ask him to comfirm but he say no, he dont use web mail. (this is the problem ? who say wrong ? Zimbra or user ? )
    Actualy, i need to know what zimbra do in that log record ? I need to tell with my boss whether his account being hacked or it's normal !
    I'll have a plan to update my zimbra server.
    Thanks you

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Changing permissions for /opt/zimbra/log/audit.log
    By Sam159 in forum Administrators
    Replies: 2
    Last Post: 01-21-2014, 03:22 AM
  2. How to enable sending to A record if MX record not found?
    By maxchowhk in forum Administrators
    Replies: 10
    Last Post: 10-06-2012, 06:39 PM
  3. audit.log zimbra 6.06 ubuntu64 multiserver
    By teo in forum Administrators
    Replies: 0
    Last Post: 11-04-2010, 03:20 AM
  4. Replies: 11
    Last Post: 05-12-2009, 06:26 AM
  5. Zimbra IM audit log
    By augusto in forum Administrators
    Replies: 0
    Last Post: 09-26-2008, 05:31 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •