RobWilliams
You are confusing two different things. CSRF Tokens are used for web requests made by Agents and Users. Typically, if you get these warnings, the session timed out before the User/Agent made the request. But this can also indicate setup/server issues.
For the email portion you are talking about the OAuth2 Access Token and Refresh Token. For this, make sure you are using v1.18.1 and the latest build of the OAuth2 plugin. Then simply delete the existing token via the email settings in osTicket and retrieve a new one. From there it should auto renew until the client secret expires. We used to have an old issue with Microsoft where the refresh token wasn’t being updated, so after 60-90 days it would expire and require manual refresh. This has since been addressed with v1.18.1 and the latest build of the OAuth2 plugin. Other than that, this issue can be due to the App/Project being in test/development mode or maybe there were changes to the email account. For example, Google has a test mode that only allows 30-90 days for each token regardless. The only way to get around that is to publish the app/project so it’s not limited. And for Microsoft, I know if you make changes to the email account in Microsoft it invalidates any tokens, requiring a manual re-authorization. There is no way to prevent this as far as I know.
Cheers.
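
The refresh-token expiry described in the post above, as an added example (not code from the post, osTicket, or its OAuth2 plugin): a constructed authorization server that rotates refresh tokens, polled by a client that keeps its original refresh token and by one that stores each newly issued token. The 90-day lifetime, the daily polling interval and all names are assumptions for illustration.

```python
import secrets

REFRESH_LIFETIME_DAYS = 90  # assumption: upper end of the "60-90 days" in the post


class InvalidGrant(Exception):
    """The authorization server rejected the refresh token."""


class SimulatedAuthServer:
    """Constructed stand-in for a provider that issues a new refresh token on every refresh."""

    def __init__(self):
        self.expiry = {}  # refresh token -> last day on which it is accepted

    def authorize(self, day):
        # Interactive consent: what "retrieve a new token" in the mail settings triggers.
        return self._issue(day)

    def refresh(self, refresh_token, day):
        if self.expiry.get(refresh_token, -1) < day:
            raise InvalidGrant("refresh token expired or unknown")
        return self._issue(day)

    def _issue(self, day):
        token = secrets.token_urlsafe(16)
        self.expiry[token] = day + REFRESH_LIFETIME_DAYS
        return {"access_token": secrets.token_urlsafe(16), "refresh_token": token}


def day_reauth_needed(persist_rotated_token, interval=1, horizon_days=365):
    """Return the first day a refresh is rejected, or None if none is within the horizon."""
    server = SimulatedAuthServer()
    stored = server.authorize(day=0)["refresh_token"]
    for day in range(interval, horizon_days + 1, interval):
        try:
            response = server.refresh(stored, day)
        except InvalidGrant:
            return day
        if persist_rotated_token:
            # Keep the newest refresh token; fall back to the old one if none is returned.
            stored = response.get("refresh_token", stored)
    return None


if __name__ == "__main__":
    print("original token kept :", day_reauth_needed(persist_rotated_token=False))
    print("rotated token stored:", day_reauth_needed(persist_rotated_token=True))
```

In this simulation a client that polls less often than the refresh-token lifetime is rejected even when it stores every rotated token, so a long-idle mailbox can still need manual re-authorization.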