Page tree
Skip to end of metadata
Go to start of metadata

This article will talk about the integration of syslog technology with z-push in a linux debian system. This does not cover the syslog configuration deeply but cover the usual case for a z-push syslog integration with syslog.

This feature is available since Z-Push 2.3.0.

 

Installing syslog

In the debian ecosystem, you have the choice of two program for syslog technology. There's syslog-ng and rsyslog. The package rsyslog shall be used. You can install it with `aptitude install rsyslog`.

Z-push syslog configuration

The first thing to do is to change the LOG_BACKEND from `filelog to `syslog`.

define('LOGBACKEND', 'filelog'); becomes `define('LOGBACKEND', 'syslog')

Next, the z-push syslog configuration part is what interest us.

define('LOG_SYSLOG_HOST', false);
// Syslog port
define('LOG_SYSLOG_PORT', 514);
// Program showed in the syslog. Useful if you have more than one instance login to the same syslog
define('LOG_SYSLOG_PROGRAM', 'z-push');
// Syslog facility
define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);

The LOG_SYSLOG_HOST and LOG_SYSLOG_PORT are used when you want to use a remote syslog daemon instead of a local one. This should not be used because a local syslog directly on the server can forward any log to any remote syslog server. By default, Z-push will log everything into local0 facility but you can easily change it with the LOG_SYSLOG_FACILITY config. The program name can also be changed but should remain at z-push.

Syslog daemon configuration

 Z-push will use two program name tag. The first is the core logs which are logs that comes from everything that is not backend code. The second is the backend logs which are logs that comes directly from backend code. The program name are respectively z-push/core and z-push/{backendname} i.e. z-push/zarafa, z-push/imap, etc. If you changed the LOG_SYSLOG_PROGRAM name config, the z-push part will be what you will have set in the config. The rsyslog config file is usually located into `/etc/rsyslog.conf` and `/etc/rsyslog.d/*.conf`.

Syslog log level

Syslog use different log level than z-push. Here is the mapping.

SYSLOG                                                Z-PUSH
 0       Emergency: system is unusable                nothing
 1       Alert: action must be taken immediately      LOGLEVEL_FATAL
 2       Critical: critical conditions                nothing
 3       Error: error conditions                      LOGLEVEL_ERROR
 4       Warning: warning conditions                  LOGLEVEL_WARN
 5       Notice: normal but significant condition     LOGLEVEL_INFO
 6       Informational: informational messages        nothing
 7       Debug: debug-level messages                  LOGLEVEL_DEBUG, LOGLEVEL_WBXML, LOGLEVEL_DEVICEID, LOGLEVEL_WBXMLSTACK

Syslog filter example

If you decided to change the LOG_SYSLOG_PROGRAM configuration, you have to change the filters to whatever value you have set.

A typical filter that separate the core logs and the backend logs into two files.

:syslogtag, ereregex, "^z-push/core" /var/log/z-push/core.log
& stop

:syslogtag, ereregex, "^z-push/zarafa" /var/log/z-push/zarafa.log
& stop

Another filter that simple take everything z-push has to give and put it into a single file

:programname, ereregex, "^z-push" /var/log/z-push/all.log
& stop

If you want to send every debug level into another file, you can use this filter to send every message with log level debug to /var/log/debug.

*.=debug /var/log/debug
& stop

To forward every log to another syslog server with ip address 10.0.0.2.

*.* @@10.0.0.2:514;RSYSLOG_ForwardFormat

 

  • No labels