On Saturday 25 April 2015 04:58:17 Dale Carter wrote:
> In order for ClamAv to be considered PCI Compliant the logs need to be
> kept for 12 months, preferably on a remote server.
>
> How do I configure logs to be kept for this long or is there a way to
> do it using rsyslog to a remote server for ClamAV

I have no idea about its doing a whole year, but that IS what logrotate is all about. The problem as I see it is the size of the storage needed for that many generations of logs. On a busy server, huge could be an underestimate.

Logrotate is, if anything, versatile, it's a bash script and I'd imagine it wouldn't be too hard to write a rule that ran once a month or week to move the older ones to a remote storage location. I would do that by mv'ing the one to be moved to be log.xx until xx was 53, in which case rm the zeroth copy, and mv the rest down by one to restore a zeroth copy. In that manner the zeroth log would always be the oldest one, and name-log.52.gz then the most recent as of the last run. Gzip what's being moved if logrotate has not already done so via its normal rules.

Bash is a very versatile language, bone up on that puppy. I even write background daemons in it. I don't have to "go get my mail" from any of my accounts. fetchmail runs every so many seconds, procmail puts the stuff that survives spamassassin and clamscan into /var/mail/$user, inotifywait tells bash it's there, and sends kmail a getmail command over dbus or dcop. All I do is sit here, listen to the beeps when a mail arrives, and answer a mail question like this if I can suggest a way to do it.

Another bash script working on the same principle prints any file dropped into a directory created for that use, keeping a record, that can itself be reprinted, of the last 25 such items I printed.

> If anyone has configured these settings before, it would be a big
> help.
>
> Thanks
>
> Dale

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
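
The numbering scheme described in the reply above (slot 0 always the oldest, at most 53 generations, compress if logrotate has not), sketched as an added example that is not part of the original message. The function name archive_log, the clamd-log prefix and the idea that the archive directory is a mount of the remote storage are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: archive step for an already-rotated ClamAV log.
# Assumed names (not from the post): archive_log, prefix "clamd-log".
#
# archive_log SRC ARCHIVE_DIR [PREFIX] [MAX]
#   Stores SRC as ARCHIVE_DIR/PREFIX.N.gz in the next free slot N.
#   Slot 0 is always the oldest generation. Once MAX slots are in use,
#   slot 0 is removed and every other generation moves down by one.
#   Prints the path of the stored file. Runs in a subshell, so its
#   variables do not leak into the caller.
archive_log() (
    src=$1 dir=$2 prefix=${3:-clamd-log} max=${4:-53}
    [ -f "$src" ] || { echo "archive_log: no such file: $src" >&2; exit 1; }
    mkdir -p "$dir" || exit 1

    # Find the first free slot (slots are assumed to be contiguous).
    n=0
    while [ -e "$dir/$prefix.$n.gz" ]; do n=$((n + 1)); done

    if [ "$n" -ge "$max" ]; then
        # Archive is full: drop the oldest, shift the rest down by one.
        rm -f -- "$dir/$prefix.0.gz" || exit 1
        i=1
        while [ "$i" -lt "$n" ]; do
            mv -- "$dir/$prefix.$i.gz" "$dir/$prefix.$((i - 1)).gz" || exit 1
            i=$((i + 1))
        done
        n=$((n - 1))
    fi

    dest=$dir/$prefix.$n.gz
    case $src in
        *.gz) mv -- "$src" "$dest" || exit 1 ;;          # logrotate compressed it
        *)    gzip -c -- "$src" > "$dest" || exit 1      # compress on the way in
              rm -f -- "$src" ;;
    esac
    printf '%s\n' "$dest"
)
```

Run once a week against the oldest file logrotate keeps locally, the default of 53 slots covers roughly twelve months before the first deletion.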
