Logger (ZCS 5.0.x and earlier)

The logger is not essential for Zimbra to operate. This article describes setup, configuration, and troubleshooting of the logger service for ZCS 5.0.x and earlier.

Setup and Configuration


If the logger service is installed during ZCS installation, zmsetup.pl runs zmloggerinit, which A) creates the zimbra_logger database and the tables shown in the output below, and B) generates the zimbra and root MySQL user passwords and stores them in zmlocalconfig.

Multi-node Installations

Note: See also Monitoring Zimbra Servers.

1. Set the log hostname to the name of the node running the logger service. For this example, it's called mail1.domain.com.

$ zmprov getConfig zimbraLogHostname
$ zmprov modifyConfig zimbraLogHostname mail1.domain.com

2. Configure syslog on each node. This must be done as root on each node.

# /opt/zimbra/bin/zmsyslogsetup

3. In order to allow the log host to accept log messages from the other nodes, add the "-r" option to the SYSLOGD_OPTIONS line in /etc/sysconfig/syslog (this must also be done as root); for example:



Accessing the logger MySQL database manually

$ logmysql zimbra_logger

mysql> show tables;
| Tables_in_zimbra_logger |
| amavis                  |
| amavis_aggregate        |
| config                  |
| disk_aggregate          |
| disk_status             |
| mta                     |
| mta_aggregate           |
| processing_history      |
| raw_logs                |
| service_status          |

Checking and Repairing the tables in the logger database

MySQL has built-in tools for checking and repairing the database. You should check all of the tables in the logger database, and repair each one that indicates it needs repair.

Here is an example, using the "raw_logs" table:

$ logmysql zimbra_logger

mysql> check table raw_logs;
| Table                  | Op    | Msg_type | Msg_text |
| zimbra_logger.raw_logs | check | status   | OK       | 
1 row in set (1.06 sec)

If a table does not show OK status, try repairing:

mysql> repair table raw_logs;
| Table                  | Op     | Msg_type | Msg_text |
| zimbra_logger.raw_logs | repair | status   | OK       | 
1 row in set (2.32 sec)

See MySQL documentation for more information.
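
An added example (not part of the original article or of ZCS) that automates the check described above: it runs check table on every table listed earlier and issues repair table only for those that do not report OK status. It assumes the logmysql wrapper passes the standard mysql client options -N and -B through, as it does -D elsewhere in this article; the LOGMYSQL variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of ZCS. LOGMYSQL and the function names are
# hypothetical; -N/-B are standard mysql client options assumed to pass
# through the logmysql wrapper.
LOGMYSQL=${LOGMYSQL:-/opt/zimbra/bin/logmysql}
# Table names as listed by "show tables" in this article.
TABLES="amavis amavis_aggregate config disk_aggregate disk_status mta
mta_aggregate processing_history raw_logs service_status"

# Read tab-separated CHECK TABLE rows (Table, Op, Msg_type, Msg_text) on
# stdin and print each table that never reported a "status OK" row.
tables_needing_repair() {
    awk -F'\t' '
        NF >= 4 { seen[$1] = 1 }
        $3 == "status" && $4 == "OK" { ok[$1] = 1 }
        END {
            for (t in seen) if (!(t in ok)) {
                name = t; sub(/^zimbra_logger\./, "", name); print name
            }
        }' | sort
}

# Run "check table" on every logger table and list the ones needing repair.
check_all() {
    for t in $TABLES; do
        printf 'check table %s;\n' "$t"
    done | "$LOGMYSQL" -N -B zimbra_logger | tables_needing_repair
}

# Turn table names on stdin into REPAIR TABLE statements.
repair_statements() {
    while read -r t; do
        printf 'repair table %s;\n' "$t"
    done
}

# Only touch the database when asked to: ./check_logger_tables.sh --run
if [ "${1:-}" = "--run" ]; then
    check_all | repair_statements | "$LOGMYSQL" zimbra_logger
fi
```

Run it as the zimbra user; without --run it only defines the functions, so check_all can be called on its own to list affected tables before anything is repaired.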

Overview of logger pipeline

1. The mta components (postfix, amavis) and system status scripts (zmstatuslog, zmdisklog, zmqueuelog) log to /var/log/zimbra.log.

2. The logswatch script monitors /var/log/zimbra.log and sends new lines to the zmlogger script.

3. The zmlogger script inserts the log lines into the raw_logs table, and updates the service_status table, in the zimbra_logger database.

4. The zmlogprocess script breaks down the lines from the raw_logs table and inserts the data into the mta, mta_aggregate, amavis, amavis_aggregate, disk_status, disk_aggregate, and processing_history tables of the zimbra_logger db.

How to determine why logger isn't working

Why does the logger service stop? The two main causes are log rotation and a bug in zmlogswatchctl before ZCS 4.5.

Check the logger mysql error log

The logger mysql error log will be /opt/zimbra/logger/db/data/<hostname>.err. For example, if your server's hostname is "zimbra.domain.com", the file will be /opt/zimbra/logger/db/data/zimbra.domain.com.err.

Try repairing the corrupt tables if you see any lines like this:

070927 14:30:01 [ERROR] /opt/zimbra/logger/mysql/libexec/mysqld: Table './zimbra_logger/raw_logs' is marked as crashed and last (automatic?) repair failed

Check "zmcontrol status"

1. If "logmysql.server is not running", verify whether A) the file /opt/zimbra/logger/db/mysql.pid exists, and B) there is an /opt/zimbra/logger/mysql/libexec/mysqld process.

cat /opt/zimbra/logger/db/mysql.pid
ps aux | grep logger/mysql

Under normal operation, the id of this mysqld process will be in the mysql.pid file.

2. If "zmlogswatchctl is not running", verify whether A) the file /opt/zimbra/log/logswatch.pid exists, and B) there is a single /opt/zimbra/libexec/logswatch process.

cat /opt/zimbra/log/logswatch.pid
ps aux | grep logswatch

3. If "logger Running", verify that the logger database is accessible and that there are not multiple logswatch scripts running (see #2).

logmysqladmin status
ps aux | grep logswatch

Check the MTA log

1. Is there MTA activity?

grep postfix /var/log/zimbra.log | tail
grep amavis /var/log/zimbra.log | tail

2. Is there ZCS system information?

grep STATUS /var/log/zimbra.log | tail
grep DISK /var/log/zimbra.log | tail
grep QUEUE /var/log/zimbra.log | tail

Check the logger database

1. Is data making it to the service_status and raw_logs tables (choose the current date)?

logmysql zimbra_logger
select * from service_status;
select * from raw_logs where log_date >= curdate();     # Today's entries
# or
select * from raw_logs where log_date > '2007-03-15';  # Entries newer than 2007-03-15


zmlogswatchctl is not running

Admin console only showing data for the log host in a multi-node installation

What queries the logger database

1. The zmdailyreport script processes data from the mta and amavis tables, and emails the results to root, which is normally an alias to the original zimbra admin account.

[zimbra@mail ~]$ crontab -l | grep zmdailyreport
10 1 * * * /opt/zimbra/libexec/zmdailyreport | /opt/zimbra/postfix/sbin/sendmail root
[zimbra@mail ~]$ zmprov getAccount admin | grep Alias
zimbraMailAlias: root@mail.domain.com
zimbraMailAlias: postmaster@mail.domain.com

2. The zmmsgtrace tool queries the mta and amavis tables and outputs basic info about matching messages.

3. The zmgengraphs script queries the disk_aggregate, mta_aggregate, and amavis_aggregate tables and creates images that will be displayed in the admin console.

4. Loading the admin console queries the service_status table, and viewing server statistics will display the graphs created by zmgengraphs.


How to shrink logger database

The first time, it is a good idea to clean the database manually if it is very big. The commands below will delete all data in three tables (mta, amavis, raw_logs). If you need this data, don't execute them!

 $ zmlogswatchctl stop    # don't run "zmloggerctl stop": it also stops the logger mysqld
 $ logmysql -D zimbra_logger
 mysql> delete from amavis;
 mysql> optimize table amavis;
 mysql> delete from mta;
 mysql> optimize table mta;
 mysql> delete from raw_logs;
 mysql> optimize table raw_logs;
 mysql> quit
 $ zmlogswatchctl start

Be patient: each delete query may take a long time!

Here is a script for cleaning the database. Run it under the zimbra account. If the database is big and the script will run for a long time, run zmlogswatchctl stop first to prevent Zimbra from accessing the database, and don't forget to run zmlogswatchctl start after the script finishes.

 #!/bin/sh
 # Retention periods, in days, for each table
 AMAVIS=10 # keep last 10 days
 MTA=30    # keep last 30 days
 RAW=2     # keep last 2 days
 # The here-document is unquoted, so the shell expands the variables above
 /opt/zimbra/bin/logmysql -D zimbra_logger << EOF
 delete from amavis where arrive_time < adddate(curdate(),interval -$AMAVIS day);
 optimize table amavis;
 select count(*) AS amavis_rec_left from amavis;
 delete from mta where (arrive_time > "2000-01-01" and arrive_time < adddate(curdate(),interval -$MTA day)) or
   (leave_time > "2000-01-01" and leave_time < adddate(curdate(),interval -$MTA day));
 optimize table mta;
 select count(*) AS MTA_rec_left from mta;
 delete from raw_logs where log_date < adddate(curdate(),interval -$RAW day);
 optimize table raw_logs;
 select count(*) AS raw_rec_left from raw_logs;
 EOF