[ZendTo] Interesting issue with historical logging/resurrecting old zendto from backup !!NOSIG!! !!NOADV!!

Elston, Ian I.Elston at bolton.ac.uk
Thu Mar 28 17:05:04 GMT 2024 

Yeah mine too.  Not sure how I can stop that from happening since I need it on the network to access it.


-----------------------------------------------
Ian Elston
Senior Networks officer
Information Systems & Technology
The University of Bolton
http://www.bolton.ac.uk

-----Original Message-----
From: Dale E. Qualls <deq at pattishall.com>
Sent: 28 March 2024 16:57
To: 'ZendTo Users' <zendto at zend.to>
Cc: Elston, Ian <I.Elston at bolton.ac.uk>
Subject: RE: Interesting issue with historical logging/resurrecting old zendto from backup !!NOSIG!! !!NOADV!!

        You don't often get email from deq at pattishall.com. Learn why this is important <https://aka.ms/LearnAboutSenderIdentification>

WARNING: This message originated from outside the University. Use caution when following links or opening attachments.

Maybe the log rotation happened upon the server updating it’s date/time via NTP on bootup and since it was more than 7 days old based on current time it rotated them?



Just a thought.







 <http://images.pattishall.com/images/pattishalllogo.jpg>




Dale E. Qualls
Director of Information Technology
Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP
200 South Wacker Drive, Suite 2900
Chicago, IL 60606-5896
Direct: (312) 554-7979 Main: (312) 554-8000 Fax: (312) 554-8015 deq at pattishall.com <mailto:deq at pattishall.com>  www.pattishall.com <http://www.pattishall.com>





________________________________

The preceding message and any attachments may contain confidential information protected by the attorney-client or other privilege. You may not forward this message or any attachments without the permission of the sender. If you believe that it has been sent to you in error, please reply to the sender that you received the message in error and then delete it. Nothing in this email message, including the typed name of the sender and/or this signature block, is intended to constitute an electronic signature unless a specific statement to the contrary is included in the message.

________________________________



From: ZendTo <zendto-bounces at zend.to> On Behalf Of Elston, Ian via ZendTo
Sent: Thursday, March 28, 2024 11:53 AM
To: ZendTo Users <zendto at zend.to>
Cc: Elston, Ian <I.Elston at bolton.ac.uk>
Subject: [ZendTo] Interesting issue with historical logging/resurrecting old zendto from backup



External email, exercise caution.



Had an interesting issue the last couple of days, wondered if anyone had run into similar.

As high-up user asked me if there was a way of checking the activity around a particular drop off, what was uploaded when, and downloaded when by who. This was back at the end of Jan. We delete drop-offs after 7 days.

The zendto.log on the live server did not go back far enough (maybe I need to amend my log rotation settings here...) so I restored the logs off a backup from within 7 days of the drop-off being made. I knew the uploader and the recipient, so I was able to find the drop-off ID and therefore all the corresponding log entries.

From zendto.log I was able to ascertain the time of upload, the IP Address of the upload, the fact there were 3 files in the upload (but not the filenames), and that the email was sent to the recipient. I could then determine when the files were downloaded and from what IP Address. Either 1 single file was downloaded, or the entire drop-off in an entire zip file. So I know for certain the name of ONE of the files.

What I've been asked is if I can evidence the names of the files which were uploaded, as the user recalls there should've been 4.

I've tried to recover the server from backup within that 7day period, changed it's IP, switched from SAML to local authenticator, and I can log in as a local user who is an admin. BUT the zendto.log is empty aside from today's entries, and there are no drop-offs listed, but in the filesystem there are drop-offs, including the one I'm interested in in /var/zendto/drop-offs

I'm assuming the filenames are randomised in the filesystem for privacy, which I sort of understand.

What I don't get is why my zendto log is empty, and I have no drop-offs in the UI.



-----------------------------------------------
Ian Elston
Senior Networks officer
Information Systems & Technology
The University of Bolton
http://www.bolton.ac.uk

[University of Bolton]<https://www.bolton.ac.uk>

This email (and any attachments) is confidential and may contain personal views which are not the views of the University of Bolton unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose information in any way nor act in reliance on it and notify the sender immediately. Please note the University of Bolton monitors emails sent or received. Further communication will signify your consent to this.

_______________________________________________
ZendTo mailing list
ZendTo at zend.to <mailto:ZendTo at zend.to>
http://jul.es/mailman/listinfo/zendto





[University of Bolton]<https://www.bolton.ac.uk>

This email (and any attachments) is confidential and may contain personal views which are not the views of the University of Bolton unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose information in any way nor act in reliance on it and notify the sender immediately. Please note the University of Bolton monitors emails sent or received. Further communication will signify your consent to this.

More information about the ZendTo mailing list