Thread: audit.log to syslog

  1. #1
    captainmish is offline Loyal Member

    Hello

    We currently log all of the Zimbra syslog stuff to a central syslog server, but are missing out on audit.log - useful for a number of reasons, and very useful to have "off local".

    Is there any simple way to cause Zimbra to log this data to syslog instead of the file logs/audit.log?

  2. #2
    tonster is offline Zimbra Employee

    Quote Originally Posted by captainmish View Post
    Hello

    We currently log all of the Zimbra syslog stuff to a central syslog server, but are missing out on audit.log - useful for a number of reasons, and very useful to have "off local".

    Is there any simple way to cause Zimbra to log this data to syslog instead of the file logs/audit.log?
    This process will vary by OS, but basically you need to modify your syslog configuration to log the stuff that normally logs to audit.log to zimbra.log as well. If you're not familiar with modifying the syslog configuration, let me know your OS and I can probably post the changes you'd need to make.

  3. #3
    uxbod is offline Moderator

    Are the processes that write to audit.log not controlled by the log4j code within Java? e.g. /opt/zimbra/conf/log4j.properties.in/log4j.properties

  4. #4
    captainmish is offline Loyal Member

    Thanks tonster, but audit.log doesn't even touch syslog - I have *.* already logging to the remote. I tried to modify log4j as uxbod mentioned, but having changed /opt/zimbra/conf/log4j.properties.in/log4j.properties, what service needs to be HUP'd or restarted etc. to notice? (Just changing it and waiting doesn't work.)
    Thanks,

  5. #5
    bonoboslr is offline Special Member

    Hi - did you come right with this? I am looking to do the same thing. What did you change in /opt/zimbra/conf/log4j.properties.in? Did you have to restart Zimbra?

  6. #6
    ppearl is offline Zimbra Employee

    To not leave this old thread hanging... if you wanted AUDIT info to go to syslog, I believe you would do something like this:

    * edit log4j.properties.in and change this line:
    log4j.logger.zimbra.security=INFO,AUDIT
    to
    log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG

    * on RHEL edit /etc/sysconfig/syslog and make sure that the SYSLOGD_OPTIONS contains the '-r' option to allow syslog messages over the network (log4j doesn't do unix pipes)

    * restart mailboxd - the log4j options are not reread during runtime

    Of course, this custom config will likely be overwritten on upgrades so be sure you save a copy of your config / notes on changes somewhere so you can reapply after an upgrade.

  7. #7
    ewilen is offline Moderator

    Has anyone ever gotten this to work?

    I've tried ppearl's suggestions, also the information at Ajcody-Logging - Zimbra :: Wiki, and a few ideas of my own, such as defining a separate SyslogAppender in log4j.properties.in which points directly to the centralized syslog server.

    I've restarted zmconfigdctl, zmmailboxdctl, and zmloggerctl.

    (I haven't restarted Zimbra.)

    Now I'm thinking it may have to do with this line

    log4j.additivity.zimbra.security=false

    Although that doesn't quite make sense based on reading:

    Apache log4j 1.2 - Short introduction to log4j
    Log4j Tutorial: Additivity – what and why? | Veera Sundar
    Log4jXmlFormat - Logging-log4j Wiki

    Nope, commenting that out also doesn't do any good.
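
An added example (not from any poster in this thread, and not Zimbra's own code): a small Python check that parses a log4j 1.x properties file and reports which appenders a logger such as zimbra.security is attached to, whether each one is actually defined, and the additivity setting discussed in the last post. The sample config and the appender name REMOTE are constructed; SYSLOG is assumed to be an appender defined in the same file, as the edit in post #6 implies.

```python
# Added example: inspect how one log4j 1.x logger is wired in a properties file.
# SAMPLE is constructed for illustration; it is not Zimbra's shipped config.
SAMPLE = """\
log4j.rootLogger=INFO,LOGFILE
log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.SyslogHost=localhost
log4j.appender.SYSLOG.Facility=LOCAL0
log4j.additivity.zimbra.security=false
log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG,REMOTE
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_logger(props, logger):
    """Return level, appenders, additivity and wiring problems for one logger."""
    value = props.get("log4j.logger." + logger)
    if value is None:
        return {"level": None, "appenders": {}, "problems": ["logger not configured"]}
    parts = [p.strip() for p in value.split(",")]
    level, names = parts[0] or None, [p for p in parts[1:] if p]
    appenders, problems = {}, []
    for name in names:
        cls = props.get("log4j.appender." + name)
        host = props.get("log4j.appender.%s.SyslogHost" % name)
        appenders[name] = {"class": cls, "syslog_host": host}
        if cls is None:
            problems.append("appender %s is referenced but never defined" % name)
        elif cls.endswith("SyslogAppender") and not host:
            problems.append("appender %s has no SyslogHost" % name)
    if not any((a["class"] or "").endswith("SyslogAppender") for a in appenders.values()):
        problems.append("no SyslogAppender attached to " + logger)
    # additivity=false only stops events reaching ancestor loggers' appenders;
    # appenders listed on the logger itself still receive them.
    additive = props.get("log4j.additivity." + logger, "true").lower() != "false"
    return {"level": level, "appenders": appenders, "additive": additive, "problems": problems}

if __name__ == "__main__":
    print(audit_logger(parse_properties(SAMPLE), "zimbra.security"))
```

Run it against the edited log4j.properties.in before restarting mailboxd; an empty "problems" list only confirms the file is wired consistently, not that the syslog daemon is accepting network messages.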
