Zimbra Collaboration Suite 7.0
Zimbra Collaboration Suite 7.0
Administrator's Guide
Open Source Edition


Monitoring Zimbra Servers > Log Files

Log Files
The Zimbra Collaboration Suite logs its activities and errors to a combination of system logs through the syslog daemon as well as Zimbra specific logs on the local file system. The logs described below are the primary logs that are used for analysis and troubleshooting.
Local logs containing Zimbra activity are in the /opt/zimbra/log directory.
*
audit.log. This log contains authentication activity of users and administrators and login failures. In addition, it logs admin activity to be able to track configuration changes.
*
clamd.log. This log contains activity from the antivirus application clamd.
*
freshclam.log. This log contains log information related to the updating of the clamd virus definitions.
*
logger_myslow.log. This slow query log consists of all SQL statements that took more than long_query_time seconds to execute. Note: long_query_time is defined in /opt/zimbra/my.logger.cnf.
*
mailbox.log. This log is a mailboxd log4j server log containing the logs from the mailbox server. This includes the mailbox store, LMTP server, IMAP and POP servers, and Index server.
*
myslow.log. This slow query log consists of all SQL statements from the mailbox server that took more then long_query_time seconds to execute. Note: long_query_time is defined in /opt/zimbra/my.cnf.
*
spamtrain.log. This log contains output from zmtrainsa during regularly scheduled executions from the cron.
*
sync.log. This log contains information about ZCS mobile sync operations.
Other logs include:
*
/opt/zimbra/jetty/logs/. This is where Jetty-specific activity is logged.
*
/opt/zimbra/db/data. <hostname>.err. This is the message store database error log.
*
/opt/zimbra/logger/db/data. <hostname>.err. This is the Logger database error log.
ZCS activity logged to System syslog
*
/var/log/zimbra.log. The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.