Logs¶
Zentyal log queries¶
Zentyal provides an infrastructure that allows its modules to log all types of events that can be useful for the administrator. These logs are available through the Zentyal interface. These logs are stored in a database for making queries, reports and updates in an easier and more efficient way. The database manager used is PostgreSQL [1].
| [1] | PostgreSQL The world’s most advanced open source database http://www.postgresql.org/. |
You can also configure different dispatchers for the events so that the administrator can be notified by different means (Email, Jabber or RSS [2]).
| [2] | RSS Really Simple Syndication is an XML format used mainly to publish frequently updated works http://www.rssboard.org/rss-specification/. |
Zentyal offers logs for the following services:
- OpenVPN (Virtual private network (VPN) service)
- SMTP Filter (SMTP mail filter)
- POP3 proxy (Transparent proxy for POP3 mailboxes)
- Printers (Printers sharing service)
- Firewall (Firewall)
- DHCP (Network configuration service (DHCP))
- Email (Electronic Mail Service (SMTP/POP3-IMAP4))
- HTTP Proxy (HTTP Proxy Service)
- Shared files (File sharing and authentication service)
- IDS (Intrusion Detection System (IDS))
You can also receive notifications of the following events:
- Specific values in the logs.
- Zentyal health status.
- Service status.
- Events of the RAID subsystem per software.
- Free disk space.
- Problems with the outgoing Internet routers.
- Completion of a full data backup.
First, to be able to work with the logs, just like with any other Zentyal modules, you must make sure that the module is enabled.
To enable it, go to Module status and check the logs box. To obtain reports from the existing logs, you can go to the Logs ‣ Query logs section from Zentyal menu.
You can get a Full report of all log domains. Moreover, some of them give you an interesting Summarized Report that provides an overview of the service during a period of time.
Query log screen
In the Full report you have a list of all registered actions for the selected domain. The information provided depends on each domain. For example, for the OpenVPN domain you can see the connections to a VPN server of a client with a specific certificate or for example, for the HTTP Proxy you can see the pages denied to a specific client. Therefore, you can make a customized query that allows you to filter by time period or different values that depend on the type of domain. You can store these queries as events so that you will be notified when a match occurs. Furthermore, if the query doesn’t have an upper bound in time, the results will automatically refresh with new data.
Full report screen
The Summarized reports allows you to select the time period of the report, which may be one hour, one day, a week or a month. The information that you obtain is one or more graphs, accompanied by a summary table with total values of different data. In the image you can see, for example, daily request statistics and daily HTTP Proxy traffic.
Summarized report screen
Configuration of Zentyal logs¶
Once you have seen how to check the logs, it is also important to know that you can configure them in the menuselection:Logs –> Configure logs section from Zentyal menu.
Log configuration screen
The values you can configure for each installed domain are:
- Enabled:
- If this option isn’t enabled, no logs are written for this domain.
- Purge logs older than:
- This option establishes the maximum time during which the logs will be saved. All the values that are older than the specified time will be discarded.
In addition, you can also force the instant removal of all the logs earlier to a certain period. You can do this by clicking on the Purge in the Force log purge section that allows you to select different intervals, from one hour to 90 days.