Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
Go Back   Zimbra - Forums > Zimbra Collaboration Suite > Administrators
Reload this Page audit.log to syslog

Welcome to the Zimbra - Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 12-19-2008, 03:14 AM
Senior Member
  
Posts: 63
Default audit.log to syslog
Hello

We currently log all of the zimbra syslog stuff to a central syslog server, but are missing out on audit.log - useful for a number of reasons, and very useful to have "off local".

Is there any simple way to cause zimbra to log this data to syslog instead of the file logs/audit.log ?
Reply With Quote
  #2 (permalink)  
Old 12-19-2008, 09:08 PM
Zimbra Employee
  
Posts: 40
Default
Quote:
Originally Posted by captainmish View Post
Hello

We currently log all of the zimbra syslog stuff to a central syslog server, but are missing out on audit.log - useful for a number of reasons, and very useful to have "off local".

Is there any simple way to cause zimbra to log this data to syslog instead of the file logs/audit.log ?
This process will vary by OS, but basically you need to modify your syslog configuration to log the stuff that normally logs to audit.log to zimbra.log as well. If you're not familiar with modifying the syslog configuration, let me know your OS and I can probably post the changes you'd need to make.
Reply With Quote
  #3 (permalink)  
Old 12-20-2008, 03:04 AM
Moderator
  
Posts: 5,806
Default
Are the processes that write to audit.log not controlled by the log4j code within Java ? eg. /opt/zimbra/conf/log4j.properties.in/log4j.properties
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com
Reply With Quote
  #4 (permalink)  
Old 12-22-2008, 04:56 AM
Senior Member
  
Posts: 63
Default
thanks tonster, but audit.log doesnt even touch syslog - I have *.* already logging to the remote. I tried to modify log4j as uxbod mentioned, but having changed /opt/zimbra/conf/log4j.properties.in/log4j.properties, what service needs to be HUPd or restarted etc to notice? (just changing it and waiting doesnt work)
Thanks,
Reply With Quote
  #5 (permalink)  
Old 02-14-2009, 01:07 AM
Special Member
  
Posts: 133
Default
Hi - did you come right with this? I am looking to do the same thing. What did you change in /opt/zimbra/conf/log4j.properties.in ? Did you have to restart zimbra?
Reply With Quote
  #6 (permalink)  
Old 06-09-2009, 02:19 PM
Zimbra Employee
  
Posts: 9
Default
To not lead this old thread hanging... if you wanted AUDIT info to go to syslog, I believe you would do something like this:

* edit log4j.properties.in and change this line:
log4j.logger.zimbra.security=INFO,AUDIT
to
log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG

* on RHEL edit /etc/sysconfig/syslog and make sure that the SYSLOGD_OPTIONS contains the '-r' option to allow syslog messages over the network (log4j doesn't do unix pipes)

* restart mailboxd - the log4j options are not reread during runtime

Of course, this custom config will likely be overwritten on upgrades so be sure you save a copy of your config / notes on changes somewhere so you can reapply after an upgrade.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

Zimbrablog.com


Home - Blog - Contact Us - Archive - Top


 

Search Engine Optimization by vBSEO 3.1.0