-
Notifications
You must be signed in to change notification settings - Fork 47
Syslog Integration
This article will talk about the integration of syslog technology with z-push in a linux debian system. This does not cover the syslog configuration deeply but cover the usual case for a z-push syslog integration with syslog.
This feature is available since Z-Push 2.3.0.
In the debian ecosystem, you have the choice of two program for syslog technology. There's syslog-ng and rsyslog. The package rsyslog shall be used. You can install it with aptitude install rsyslog.
The first thing to do is to change the LOG_BACKEND from filelog to syslog`.
define('LOGBACKEND', 'filelog'); becomes `define('LOGBACKEND', 'syslog')
Next, the z-push syslog configuration part is what interest us.
define('LOG_SYSLOG_HOST', false);
// Syslog port
define('LOG_SYSLOG_PORT', 514);
// Program showed in the syslog. Useful if you have more than one instance login to the same syslog
define('LOG_SYSLOG_PROGRAM', 'z-push');
// Syslog facility
define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
The LOG_SYSLOG_HOST and LOG_SYSLOG_PORT are used when you want to use a remote syslog daemon instead of a local one. This should not be used because a local syslog directly on the server can forward any log to any remote syslog server. By default, Z-push will log everything into local0 facility but you can easily change it with the LOG_SYSLOG_FACILITY config. The program name can also be changed but should remain at z-push.
Z-push will use two program name tag. The first is the core logs which are logs that comes from everything that is not backend code. The second is the backend logs which are logs that comes directly from backend code. The program name are respectively z-push/core and z-push/{backendname} i.e. z-push/zarafa, z-push/imap, etc. If you changed the LOG_SYSLOG_PROGRAM name config, the z-push part will be what you will have set in the config. The rsyslog config file is usually located into /etc/rsyslog.conf and /etc/rsyslog.d/*.conf.
Syslog use different log level than z-push. Here is the mapping.
SYSLOG Z-PUSH
0 Emergency: system is unusable nothing
1 Alert: action must be taken immediately LOGLEVEL_FATAL
2 Critical: critical conditions nothing
3 Error: error conditions LOGLEVEL_ERROR
4 Warning: warning conditions LOGLEVEL_WARN
5 Notice: normal but significant condition LOGLEVEL_INFO
6 Informational: informational messages nothing
7 Debug: debug-level messages LOGLEVEL_DEBUG, LOGLEVEL_WBXML, LOGLEVEL_DEVICEID, LOGLEVEL_WBXMLSTACK
If you decided to change the LOG_SYSLOG_PROGRAM configuration, you have to change the filters to whatever value you have set.
A typical filter that separate the core logs and the backend logs into two files.
:syslogtag, ereregex, "^z-push/core" /var/log/z-push/core.log
& stop
:syslogtag, ereregex, "^z-push/zarafa" /var/log/z-push/zarafa.log
& stop
Another filter that simple take everything z-push has to give and put it into a single file
:programname, ereregex, "^z-push" /var/log/z-push/all.log
& stop
If you want to send every debug level into another file, you can use this filter to send every message with log level debug to /var/log/debug.
*.=debug /var/log/debug
& stop
To forward every log to another syslog server with ip address 10.0.0.2.
*.* @@10.0.0.2:514;RSYSLOG_ForwardFormat