[ZendTo] Interesting issue with historical logging/resurrecting old zendto from backup
Elston, Ian
I.Elston at bolton.ac.uk
Thu Mar 28 16:53:02 GMT 2024
Had an interesting issue the last couple of days, wondered if anyone had run into similar.
A high-up user asked me if there was a way of checking the activity around a particular drop-off: what was uploaded when, and downloaded when by who. This was back at the end of Jan. We delete drop-offs after 7 days.
The zendto.log on the live server did not go back far enough (maybe I need to amend my log rotation settings here...) so I restored the logs off a backup from within 7 days of the drop-off being made. I knew the uploader and the recipient, so I was able to find the drop-off ID and therefore all the corresponding log entries.
From zendto.log I was able to ascertain the time of upload, the IP Address of the upload, the fact there were 3 files in the upload (but not the filenames), and that the email was sent to the recipient. I could then determine when the files were downloaded and from what IP Address. Either 1 single file was downloaded, or the entire drop-off in an entire zip file. So I know for certain the name of ONE of the files.
What I've been asked is if I can evidence the names of the files which were uploaded, as the user recalls there should've been 4.
I've tried to recover the server from backup within that 7-day period, changed its IP, switched from SAML to local authenticator, and I can log in as a local user who is an admin. BUT the zendto.log is empty aside from today's entries, and there are no drop-offs listed, but in the filesystem there are drop-offs, including the one I'm interested in, in /var/zendto/drop-offs.
I'm assuming the filenames are randomised in the filesystem for privacy, which I sort of understand.
What I don't get is why my zendto log is empty, and I have no drop-offs in the UI.
-----------------------------------------------
Ian Elston
Senior Networks officer
Information Systems & Technology
The University of Bolton
http://www.bolton.ac.uk