On Tuesday, February 23, 2016 at 3:40:29 PM UTC+5:30, Jesus Linares wrote:
> It seems your solution is working, but I give you other possible ways to write in syslog:
>
> - freshclam: edit */etc/clamav/freshclam.conf* and set "LogSyslog yes"

I had thought that freshclam (which is running as a service from the apt package) was already logging to syslog, but I see that it is not.

> - clamscan: clamscan --infected -r $SCAN_DIRECTORY --log=$LOG_FILE --stdout | logger -i -t clamav

Very nice, I was not aware of logger. I will change over to this. (FYI, the ossec decoder expects the program to be 'clamd' not 'clamav'.)

> - clamd: I think, clamd writes in syslog by default.

Yes, this is what I started with, using clamdscan instead. But clamd runs as clamav user, and hence did not have privs to see pretty much anything. I tried configuring apparmor to give it access to specified directories but that did not seem to work.

thanks much Jesus
