This is the first time I am trying to understand Zimbra logs. I noticed that every action (like deletion of a mail, addition of an incoming mail etc.) is logged in the mailServer.log file. Since emails can also be deleted (from java code remotely), I wanted to know which IP the command came from. For example, for the below log line (taken from https://wiki.zimbra.com/wiki/Log_Files), what exactly is 'oip' (originating IP).
Is it the IP address of the server from where the command originated ? If yes, then we can find who remotely sent the command (delete/add/expunge etc.). Is that correct ?
2013-08-30 11:19:41,043 INFO [qtp2050551931-94:http://127.0.0.1:8080/service/soap/AuthRequest] [name=user1@example.com;oip=5.6.7.8;ua=zclient/8.0.4_GA_5737;] mbxmgr - Mailbox 3 account abcdef8f-1234-5678-9012-8abcdefe2658 LOADED
Thanks in advance.
Correct, it's the address of the client or, if you have one, the proxy that originated the request
You can log public IP following the steps in this wiki
https://wiki.zimbra.com/wiki/Log_Files#Logging_the_Originating_IP