Question: Anyone tried to recieve "Authorisation requests" into a monitoring tool?

[strikegun79]

Hello,
we are using zabbix as monitoring tool and would like to monitor the email proxy authorisation requests.
The log file are full of success messages and we don't see any log level switch for linux systems.

Or is it possible to write a plugin to send an echo to a logfile, if a request is prompted?

Thanks for any ideas.

[simonrob]

Could you clarify what sort of output you are hoping to see in the log files? E.g., failed as well as successful authentication requests?

The only current log level switch is to enable full log output (via --debug), which causes the log to contain all communication between the client, proxy and server (as well as the proxy's own relatively minimal messages).

[strikegun79]

Sure,
at the moment we have a lot Success connection in the Logs. in the script I see, that is on INFO level.
It would be helpfull if there would be more output level for the logs.
WARN -> only show warnings like authentication needed and successful authentication
ERROR -> only errors

At the moment we are monitoring the logfile and scanning the last 20 entries. with all the connection messages, we get to large logs and difficult with the regex matches.

Also it would be great, if the loglevel and file can be set in the config file instead over start parameters.
should I do another request for the idea, to save tokens not in the config file, better in a separate file. It would help to edit the config file, while the programm is running and changing tokens in the background.

[simonrob]

At the moment there are three types of log messages used: DEBUG (toggled by --debug at startup or while running by sending SIGUSR1), INFO and ERROR. If debug mode is not enabled the log output level is set to INFO, but your log parser can of course choose to ignore these and just receive ERROR-level messages.

The original reason for not using WARNING-level messages was the proxy's support for multiple platforms. For macOS in particular, there are limitations around log levels when using syslog. Login prompts could potentially be sent as WARNING-level messages to differentiate them from other outputs, I suppose. I'm not sure whether this would make much difference, though – there really aren't many INFO message types at the moment, and if you filtered out Accepting new connection from [...] and Successfully authenticated [...] you'd be left with little else except login prompts.

To be honest, I'm not quite sure why this is an issue. I'd expect login prompts to happen very infrequently – something approaching an annual basis or even less often is pretty typical. If you're using a setup where high uptime is a necessity and even this is not acceptable, it's better to use one of the non-interactive authentication methods such as O365 CCG/ROPCG or a Gmail Service Account to avoid the need for any manual intervention.

Re: saving tokens in the configuration file, see the --cache-store option. To reload the configuration while running, send SIGHUP.