This is a short but valuable post. Next week we will Open Source our ELK Stack
By default when you do a Multi-Server Installation of Zimbra, one of the servers gets elected as a central log server. This server must have installed the
Zimbra-Logger package to work correctly.
Later on you have to configure the local
Syslog software on every other server of the platform, you do this running the
/opt/zimbra/libexec/zmsyslogsetup command. What this command do is:
1. Read the value of the
2. Modify the local Syslog software
If we take as an example Rsyslog, the configuration is done on the
/etc/rsyslog.conf file of your servers, which should look something like this:
1 2 3 4 5 6 7 8
What is wrong with this?
If you have several servers as we do at ZBox, you are going to start wasting a lot network bandwidth with all this logs, and in reallity, you don’t need to send all the logs to
The only log you need to send to
Zimbra Logger use the information of the
/var/log/zimbra-stats.log file to show the status of the server in the Web Admin Console.
So you can optimize your configuration to something like this:
1 2 3 4
You can improve it a bit more an reduce it to this:
1 2 3
Because Rsyslog by default store
mail.* into the
maillog file, so you really don’t need
That’s all. Next post we are going to show how we use Elasticsearch, Logstash and Kibana and from where you can get and use our setup.