Zimbra

captainmish · #1 (**permalink**) 12-19-2008, 03:14 AM

Hello

We currently log all of the zimbra syslog stuff to a central syslog server, but are missing out on audit.log - useful for a number of reasons, and very useful to have "off local".

Is there any simple way to cause zimbra to log this data to syslog instead of the file logs/audit.log ?

tonster · #2 (**permalink**) 12-19-2008, 09:08 PM

Quote:

Originally Posted by captainmish

Hello

We currently log all of the zimbra syslog stuff to a central syslog server, but are missing out on audit.log - useful for a number of reasons, and very useful to have "off local".

Is there any simple way to cause zimbra to log this data to syslog instead of the file logs/audit.log ?

This process will vary by OS, but basically you need to modify your syslog configuration to log the stuff that normally logs to audit.log to zimbra.log as well. If you're not familiar with modifying the syslog configuration, let me know your OS and I can probably post the changes you'd need to make.

uxbod · #3 (**permalink**) 12-20-2008, 03:04 AM

Are the processes that write to audit.log not controlled by the log4j code within Java ? eg. /opt/zimbra/conf/log4j.properties.in/log4j.properties

captainmish · #4 (**permalink**) 12-22-2008, 04:56 AM

thanks tonster, but audit.log doesnt even touch syslog - I have *.* already logging to the remote. I tried to modify log4j as uxbod mentioned, but having changed /opt/zimbra/conf/log4j.properties.in/log4j.properties, what service needs to be HUPd or restarted etc to notice? (just changing it and waiting doesnt work)
Thanks,

bonoboslr · #5 (**permalink**) 02-14-2009, 01:07 AM

Hi - did you come right with this? I am looking to do the same thing. What did you change in /opt/zimbra/conf/log4j.properties.in ? Did you have to restart zimbra?

ppearl · #6 (**permalink**) 06-09-2009, 02:19 PM

To not lead this old thread hanging... if you wanted AUDIT info to go to syslog, I believe you would do something like this:

* edit log4j.properties.in and change this line:
log4j.logger.zimbra.security=INFO,AUDIT
to
log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG

* on RHEL edit /etc/sysconfig/syslog and make sure that the SYSLOGD_OPTIONS contains the '-r' option to allow syslog messages over the network (log4j doesn't do unix pipes)

* restart mailboxd - the log4j options are not reread during runtime

Of course, this custom config will likely be overwritten on upgrades so be sure you save a copy of your config / notes on changes somewhere so you can reapply after an upgrade.

ewilen · #7 (**permalink**) 08-26-2011, 08:38 PM

Has anyone ever gotten this to work?

I've tried ppearl's suggestions, also the information at Ajcody-Logging - Zimbra :: Wiki, and a few ideas of my own, such as defining a separate SyslogAppender in log4j.properties.in which points directly to the centralized syslog server.

I've restarted zmconfigdctl, zmmailboxdctl, and zmloggerctl.

(I haven't restarted Zimbra.)

Now I'm thinking it may have to do with this line

log4j.additivity.zimbra.security=false

Although that doesn't quite make sense based on reading:

Apache log4j 1.2 - Short introduction to log4j
Log4j Tutorial: Additivity – what and why? | Veera Sundar
Log4jXmlFormat - Logging-log4j Wiki

Nope, commenting that out also doesn't do any good.

Zimbra

Downloads

Product Information

Toolbox

Why Join?