On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:
On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:Hope this is of some use:<snip>
Here's what I got:
Clamd log rotation:
first and foremost, make sure that clamav is gonna drop a pidfile. in /usr/local/etc/clamav.conf, uncomment:
# This option allows you to save the process identifier of the listening
# daemon (main thread).
then, add the following (one line) to /etc/newsyslog.conf
/var/log/clamd.log 644 3 * $W0D1 BJ \ /var/run/clamd.pid 1
this will rotate the log once a week, keep 3 of them (current log +3
weeks). it will also compress the old one with bzip2 and SIGHUP the
clamd process. seems to work just fine for me, running clamav-devel on
-current (Mar 3 or so right now)
# ls -lrt /var/log/clamd* -rw-r----- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log -rw-r----- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
# tail -n 6 /var/log/clamd.log.0 Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK. Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened. Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed. Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK. Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK. Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.
# portversion -v "clamav*" clamav-0.67.1 = up-to-date with port
Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file).
I suppose the next question is, how *should* I be doing the log rotation (if I do a ports update and it does indeed update to .70)...what entries in the newsyslog.conf file should be made and what, if anything, needs to be entered into the clamav file?
I don't want to mix "workaround for not continuing to log" old method with new "works with sighup" method...
Thanks everyone! -Bart
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"