Hi Barry,
It seems your solution is working, but I'll give you other possible ways to
write to syslog:
- freshclam: edit /etc/clamav/freshclam.conf and set "LogSyslog yes"
- clamscan: clamscan --infected -r $SCAN_DIRECTORY --log=$LOG_FILE --stdout | logger -i -t clamav
- Example: clamscan --infected -r /usr/share/clamav-testfiles --log=/var/log/clamav/clamav.log --stdout | logger -i -t clamd
- clamd: I think clamd writes to syslog by default.
Regards.
Jesus Linares.
On Tuesday, February 23, 2016 at 9:10:34 AM UTC+1, Barry Kaplan wrote:
>
> Looks like the clamav rules are just fine.
>
> Only the clamav daemon writes to syslog. So I added a rsyslog config:
>
> $ModLoad imfile
>
> $InputFileName {{ clamav_scan_log_file }}
> $InputFileTag clamd:
> $InputFileStateFile stat-{{ clamav_scan_log_file }}
>
> $InputFileSeverity error
> $InputFileFacility local7
> $InputRunFileMonitor
>
>
> Then some cron jobs to run clamscan on directories, e.g. (where I have the
> EICAR test signature file in /tmp):
>
> clamscan --log=/var/log/clamav/clamav.log --no-summary --infected --remove=no --recursive=yes /tmp
>
> And magically I get alerts in OSSEC. Very very nice.
>
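A cron wrapper that combines Barry's scheduled clamscan with the logger approach suggested above, added here as an example (it is not code from this thread, from ClamAV or from OSSEC). It assumes clamscan's documented exit codes (0 clean, 1 infected, 2 scan error) and its "path: Signature FOUND" line format; the CLAMSCAN and LOGGER overrides are an assumption of mine so the script can be exercised without ClamAV installed.

```shell
#!/bin/sh
# Run clamscan on a directory and forward results to syslog through logger,
# so a syslog-reading tool such as OSSEC sees one line per infected file plus
# a per-run summary. CLAMSCAN/LOGGER are overridable (assumed, for testing).
CLAMSCAN="${CLAMSCAN:-clamscan}"
LOGGER="${LOGGER:-logger}"
TAG="${TAG:-clamav}"

# Map a clamscan exit status to a syslog severity:
# 0 = nothing found, 1 = at least one infected file, 2 (or other) = scan error.
severity_for_status() {
  case "$1" in
    0) echo info ;;
    1) echo err ;;
    *) echo warning ;;
  esac
}

# Scan $1 recursively; every "<path>: <signature> FOUND" line is sent to
# syslog at local7.err, then one summary line is sent at the severity mapped
# from the exit status. The clamscan status is returned unchanged so cron
# still reports a failed run.
scan_to_syslog() {
  dir="$1"
  out="$(mktemp)"
  status=0
  "$CLAMSCAN" --infected --recursive=yes --no-summary --stdout "$dir" >"$out" || status=$?
  while IFS= read -r line; do
    case "$line" in
      *" FOUND") "$LOGGER" -i -t "$TAG" -p local7.err "$line" ;;
    esac
  done <"$out"
  rm -f "$out"
  "$LOGGER" -i -t "$TAG" -p "local7.$(severity_for_status "$status")" \
    "scan of $dir finished with status $status"
  return "$status"
}

# Usage from cron: scan_to_syslog.sh /tmp
if [ "$#" -gt 0 ]; then
  scan_to_syslog "$1"
fi
```

Because infections go out at local7.err rather than being buried in a file, the rsyslog imfile stanza in the quoted message is no longer needed for clamscan output.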
You received this message because you are subscribed to the Google Groups
"ossec-list" group.