Thanks GED

Apologies for the lack of context, the server is Ubuntu 14.04 on Amazon running 
ClamAV version as below

ClamAV 0.98.6/20384/Mon Apr 27 12:36:55 2015

There is an /etc/logrotate.conf file and an /etc/logrotate.d directory

Inside the directory are two ClamAV files

clamav-freshclam
clamav-daemon


Clamav-freshclam contents are

/var/log/clamav/freshclam.log {
     rotate 12
     weekly
     compress
     delaycompress
     missingok
     create 640  clamav adm
     postrotate
     /etc/init.d/clamav-freshclam reload-log > /dev/null
     endscript
     }

I expect the 12 needs to be changed to 52 to get 1 year rotation

clamav-daemon contents are

/var/log/clamav/clamav.log {
     rotate 12
     weekly
     compress
     delaycompress
     create 640  clamav adm
     postrotate
     /etc/init.d/clamav-daemon reload-log > /dev/null
     endscript
     }

Again, I expect rotate needs to be changed to 52


Thanks again for pointing me in the right direction...

Dale



-----Original Message-----
From: clamav-users [mailto:[email protected]] On Behalf Of 
[email protected]
Sent: 27 April 2015 12:00 am
To: [email protected]
Subject: clamav-users Digest, Vol 127, Issue 18


Message: 1
Date: Sat, 25 Apr 2015 18:29:51 +0100 (BST)
From: "G.W. Haywood" <[email protected]>
To: [email protected]
Subject: Re: [clamav-users] PCI DSS - Configuring ClamAv Logs to be Retained for 12 Months

Hi there,

On Sat, 25 Apr 2015, Dale Carter wrote:

> In order for ClamAv to be considered PCI Compliant the logs need to be 
> kept for 12 months, preferably on a remote server.
> 
> How do I configure logs to be kept for this long or is there a way to 
> do it using rsyslog to a remote server for ClamAV
> 
> If anyone has configured these settings before, it would be a big help.

You need to tell us a bit more.  You haven't told us what version of ClamAV 
you're using and you haven't told us what operating system(s) you're using 
either.

If you're running some flavour of Unix then perhaps you're using logrotate and 
syslogd.  If you're using logrotate it's trivial to change the rotation 
interval (e.g. daily, weekly, monthly) and the length of time that logs are 
kept.  Look in /etc/logrotate.conf if you have such a file on the machine 
that's running ClamAV, and possibly also at files in /etc/logrotate.d/ if 
you have such a directory.
All the configuration files are plain text and you can edit them with any text 
editor.  They're self-explanatory.

Here's a sample of one of the logrotate configuration files on one of my mail 
servers:

root@mail4:~# cat /etc/logrotate.d/mail
# mail4:/etc/logrotate.d/mail
/var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log
/var/log/mail.milter-regex /var/log/daemon.log /var/log/kern.log
/var/log/auth.log /var/log/user.log /var/log/cron.log /var/log/debug
/var/log/messages /var/log/dmesg {
         monthly
         rotate 600
         missingok
         notifempty
         compress
         delaycompress
         sharedscripts
}
# EOF: /etc/logrotate.d/mail

The following should help with logging remotely with syslogd:

http://unixhelp.ed.ac.uk/CGI/man-cgi?syslog.conf+5

It's less self-explanatory but you can find some examples in that man page, and 
many more elsewhere on the 'net.

As with many daemons, you need to restart syslogd or send it a SIGHUP to get it 
to read a changed configuration.  More details here:

http://unixhelp.ed.ac.uk/CGI/man-cgi?syslogd+8

Make safe copies of any files that you change before you change them.
Sometimes people break things and it's easier to get back to square 1 if you 
have the old configuration files. :)

If you're running Windows, now might be a good time to change. :)

-- 

73,
Ged.
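
Added example (not part of either message, and not ClamAV or logrotate project code): a shell check that estimates how many days of history a logrotate stanza like the ones in this thread retains, computed as rotate count times interval length. The function names and temporary sample files are assumptions made for the illustration; the sample stanza is constructed from the freshclam one quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: lower-bound estimate of the history a logrotate stanza keeps.
# Only directives inside the stanza are read; defaults inherited from
# /etc/logrotate.conf are not resolved (such a stanza reports 0).

# retention_days CONF LOGPATH: print rotate-count * interval-days for the stanza
# that names LOGPATH, or 0 if it is missing. "monthly" counts as 28 days.
retention_days() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                          # comment line
        !inside {                                    # header: paths up to "{"
            for (i = 1; i <= NF; i++) if ($i == want) hit = 1
            if ($NF == "{") { inside = 1; count = 0; days = 0 }
            next
        }
        $1 == "endscript" { script = 0; next }
        script            { next }                   # skip shell lines
        $1 ~ /^(pre|post)rotate$/ { script = 1; next }
        $1 == "rotate"  { count = $2 }
        $1 == "daily"   { days = 1 }
        $1 == "weekly"  { days = 7 }
        $1 == "monthly" { days = 28 }
        $1 == "yearly"  { days = 365 }
        $1 == "}" {
            if (hit) { print count * days; found = 1; exit }
            inside = 0
        }
        END { if (!found) print 0 }
    ' "$1"
}

# meets_retention CONF LOGPATH DAYS: succeed if the stanza keeps >= DAYS.
meets_retention() {
    [ "$(retention_days "$1" "$2")" -ge "$3" ]
}

# Constructed sample: the freshclam stanza from this thread with a chosen count.
make_sample() {
    printf '%s\n' '/var/log/clamav/freshclam.log {' "     rotate $1" \
        '     weekly' '     compress' '     delaycompress' '     missingok' \
        '     create 640  clamav adm' '     postrotate' \
        '     /etc/init.d/clamav-freshclam reload-log > /dev/null' \
        '     endscript' '     }'
}

SAMPLES=$(mktemp -d)
for n in 12 52 53; do
    make_sample "$n" > "$SAMPLES/rotate$n"
    echo "rotate $n weekly: $(retention_days "$SAMPLES/rotate$n" /var/log/clamav/freshclam.log) days"
done
```

With `weekly`, 52 rotated files span 364 days, so a check against a strict 365-day requirement passes only from 53 upward.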


_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
