On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:

On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
Hope this is of some use:


Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile.  in
/usr/local/etc/clamav.conf, uncomment:

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

/var/log/clamd.log                      644  3     *    $W0D1 BJ \
     /var/run/clamd.pid  1

this will rotate the log once a week, keep 3 of them (current log +3
weeks). it will also compress the old one with bzip2 and SIGHUP the
clamd process. seems to work just fine for me, running clamav-devel on
-current (Mar 3 or so right now)

Here's what I got:

# ls -lrt /var/log/clamd*
-rw-r-----  1 clamav  clamav      0 Mar 17 06:00 /var/log/clamd.log
-rw-r-----  1 clamav  clamav  35873 Mar 17 09:00 /var/log/clamd.log.0

# tail -n 6 /var/log/clamd.log.0
Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.

# portversion -v "clamav*"
 clamav-0.67.1               =  up-to-date with port

Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file).

I suppose the next question is, how *should* I be doing the log rotation (if I do a ports update and it does indeed update to .70)...what entries in the newsyslog.conf file should be made and what, if anything, needs to be entered into the clamav file?

I don't want to mix "workaround for not continuing to log" old method with new "works with sighup" method...

Thanks everyone!

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to