This feature is available from version 7.2.0
- Login on ACSIA SOS
- Click on Devices in the side menu
- Identify the machine where Zimbra is installed and click on the Edit button (pencil icon)
- Select the Custom Logs tab and click on “+ Custom Log” button
- Add the following custom logs:
- File path: /opt/zimbra/log/audit.log
Category: syslog
Log format: syslog
Make sure that the switch is Enabled and click Save. - File path: /opt/zimbra/log/nginx.log
Category: NGINX
Log format: apache
Make sure that the switch is Enabled and click Save. - File path: /opt/zimbra/log/access_log.*
Category: Apache HTTP Server Project
Log format: apache
Make sure that the switch is Enabled and click Save.
- File path: /opt/zimbra/log/audit.log
Important Note
To ensure optimal performance and prevent delays in log analysis by ACSIA SOS, it is recommended to manage the size of the logs in the /opt/zimbra/log
directory. Specifically, focus on the access_log.*
files. If there are many large access_log.*
files currently present in this directory, consider moving them to a backup folder. This helps ACSIA SOS to process only the necessary logs without being overwhelmed by older, larger files.
- If you have a log retention policy that only keeps logs from the current day or the past few days, this step may not be necessary.
- If there is no such retention policy, we recommend moving older
access_log.*
files to a backup directory to allow ACSIA SOS to analyze new logs efficiently.
If you are unsure how to manage your logs, please contact our support team for assistance. Following this practice will help maintain ACSIA SOS’s performance and ensure timely detection of any security events.