ZCS Administrator Guide 8.0
ZCS Administrator Guide 8.0
Open Source Edition


Monitoring ZCS Servers > Viewing Log Files

Viewing Log Files
ZCS logs its activities and errors to a combination of system logs through the syslog daemon as well as Zimbra specific logs on the local file system. The logs described below are the primary logs that are used for analysis and troubleshooting.
Local logs containing Zimbra activity are in the /opt/zimbra/log directory.
*
audit.log. This log contains authentication activity of users and administrators and login failures. In addition, it logs admin activity to be able to track configuration changes.
*
clamd.log. This log contains activity from the antivirus application clamd.
*
freshclam.log. This log contains log information related to the updating of the clamd virus definitions.
*
mailbox.log. This log is a mailboxd log4j server log containing the logs from the mailbox server. This includes the mailbox store, LMTP server, IMAP and POP servers, and Index server.
*
myslow.log. This slow query log consists of all SQL statements from the mailbox server that took more then long_query_time seconds to execute. Note: long_query_time is defined in /opt/zimbra/my.cnf.
*
spamtrain.log. This log contains output from zmtrainsa during regularly scheduled executions from the cron.
*
sync.log. This log contains information about ZCS mobile sync operations.
Other logs include:
*
/opt/zimbra/jetty/logs/. This is where Jetty-specific activity is logged.
*
/opt/zimbra/db/data. <hostname>.err. This is the message store database error log.
*
/opt/zimbra/logger/db/data. <hostname>.err. This is the Logger database error log.
ZCS activity logged to System syslog
*
/var/log/zimbra.log. The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
Copyright © 2012 VMware Inc.