Re: [clamav-users] connect clamscan output to journal with systemd-cat
Do you want the info in journald or just in syslog? Because rsyslog can monitor logfiles directly too. Your call to clamscan from cron might refuse to output info (because no tty perhaps), maybe first try to get logs from clamscan via cron directly? Franky Op Donderdag, 04-04-2019 om 09:46 schreef Kretschmer, Jens: I probably should have mentioned that this was a minimum non-working example, which would _never_ be used on a production system. I thought that that was pretty obvious... The output is actually stored in a separate log file and not with the syslog. If you knew the complete setup, you would agree with my use of systemd-cat. Does anybody have any ideas how I can solve my problem? Best regards, Jens -Original Message- From: Dave Nelson * Sent: Wednesday, April 3, 2019 5:21 PM To: ClamAV users ML Subject: Re: [clamav-users] connect clamscan output to journal with systemd-cat Also, it should be totally unnecessary to scan your filesystem every minute, and will place an unnecessary load on your server. Postfix (or whatever) will run clamav when it needs to. And you can maybe run a full scan on your filesystem once every 24 hours if you feel paranoid. (IMHO.) Postfix will log every detection of an incoming virus, so you can watch that log, too, for a fuller view of what's happening (/var/log/mail.log by default on an Ubuntu system). Dave On 2019-04-03 17:48, Dave Nelson via clamav-users wrote: > You can configure a log specially for clamav, and that should be > plenty. Also, you can install logwatch and get mail updates once a day > or more often. You can also install netdata if you want to monitor in > real time, or simply watch the output of 'tail -f > /var/log/clamav/clamav.log' it's every server admin's pleasure > and duty to watch his/her server's logs roll by in a terminal window > periodically. ;-) Dave > > On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote: >> Logfiles are a place where a sysadmin notices a host running smoothly >> (lack of anything in logs) or has problems (error messages about the >> programs show up in the logs). >> >> Looks like you are trying to misuse logfiles as a place to put >> successful/unsuccessful output that's produced by a program. >> >> You'll want to create a separate log for your program, foo.log, and >> write it to /var/log/ directory. >> >> Others can comment about scanning a host every minute. >> >> Regards, Scott >> >> FROM: clamav-users ON BEHALF >> OF Kretschmer, Jens >> SENT: Wednesday, April 03, 2019 1:34 AM >> TO: clamav-users@lists.clamav.net >> SUBJECT: [External] [clamav-users] connect clamscan output to journal >> with systemd-cat >> >> Hi, >> >> I would like to redirect the output of clamscan to the journal, which >> should by possible by >> >> /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat >> --identifier="clamscan" >> >> or >> >> /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r >> /root/ >> >> While both commands work when executed manually in the terminal, the >> output is not redirected when executed by a cronjob. If I put the >> following line into the file /etc/cron.d/clamav >> >> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" >> /usr/bin/clamscan -r /root/ >> >> I can see that the clamscan process is started every minute, but the >> output is not redirected to the journal. >> >> If I put the line >> >> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ >> >> Into the file /etc/cron.d/clamav, it is executed every minute as well >> and I can see the output of ls in the journal. >> >> Do you have any idea what could be causing the issue? >> >> Best regards, >> Jens >> >> ___ >> >> clamav-users mailing list >> clamav-users@lists.clamav.net >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > -- > With all best wishes, > Dave > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- With all best wishes, Dave
Re: [clamav-users] connect clamscan output to journal with systemd-cat
I probably should have mentioned that this was a minimum non-working example, which would _never_ be used on a production system. I thought that that was pretty obvious... The output is actually stored in a separate log file and not with the syslog. If you knew the complete setup, you would agree with my use of systemd-cat. Does anybody have any ideas how I can solve my problem? Best regards, Jens -Original Message- From: Dave Nelson Sent: Wednesday, April 3, 2019 5:21 PM To: ClamAV users ML Subject: Re: [clamav-users] connect clamscan output to journal with systemd-cat Also, it should be totally unnecessary to scan your filesystem every minute, and will place an unnecessary load on your server. Postfix (or whatever) will run clamav when it needs to. And you can maybe run a full scan on your filesystem once every 24 hours if you feel paranoid. (IMHO.) Postfix will log every detection of an incoming virus, so you can watch that log, too, for a fuller view of what's happening (/var/log/mail.log by default on an Ubuntu system). Dave On 2019-04-03 17:48, Dave Nelson via clamav-users wrote: > You can configure a log specially for clamav, and that should be > plenty. Also, you can install logwatch and get mail updates once a day > or more often. You can also install netdata if you want to monitor in > real time, or simply watch the output of 'tail -f > /var/log/clamav/clamav.log' it's every server admin's pleasure > and duty to watch his/her server's logs roll by in a terminal window > periodically. ;-) Dave > > On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote: >> Logfiles are a place where a sysadmin notices a host running smoothly >> (lack of anything in logs) or has problems (error messages about the >> programs show up in the logs). >> >> Looks like you are trying to misuse logfiles as a place to put >> successful/unsuccessful output that's produced by a program. >> >> You'll want to create a separate log for your program, foo.log, and >> write it to /var/log/ directory. >> >> Others can comment about scanning a host every minute. >> >> Regards, Scott >> >> FROM: clamav-users ON BEHALF >> OF Kretschmer, Jens >> SENT: Wednesday, April 03, 2019 1:34 AM >> TO: clamav-users@lists.clamav.net >> SUBJECT: [External] [clamav-users] connect clamscan output to journal >> with systemd-cat >> >> Hi, >> >> I would like to redirect the output of clamscan to the journal, which >> should by possible by >> >> /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat >> --identifier="clamscan" >> >> or >> >> /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r >> /root/ >> >> While both commands work when executed manually in the terminal, the >> output is not redirected when executed by a cronjob. If I put the >> following line into the file /etc/cron.d/clamav >> >> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" >> /usr/bin/clamscan -r /root/ >> >> I can see that the clamscan process is started every minute, but the >> output is not redirected to the journal. >> >> If I put the line >> >> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ >> >> Into the file /etc/cron.d/clamav, it is executed every minute as well >> and I can see the output of ls in the journal. >> >> Do you have any idea what could be causing the issue? >> >> Best regards, >> Jens >> >> ___ >> >> clamav-users mailing list >> clamav-users@lists.clamav.net >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > -- > With all best wishes, > Dave > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- With all best wishes, Dave ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] connect clamscan output to journal with systemd-cat
Hi there, On Wed, 3 Apr 2019, Kretschmer, Jens wrote: I would like to redirect the output of clamscan to the journal ... man logger Do you have any idea what could be causing the issue? It's not clear to me which system you're using, but try man cron -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] connect clamscan output to journal with systemd-cat
Also, it should be totally unnecessary to scan your filesystem every minute, and will place an unnecessary load on your server. Postfix (or whatever) will run clamav when it needs to. And you can maybe run a full scan on your filesystem once every 24 hours if you feel paranoid. (IMHO.) Postfix will log every detection of an incoming virus, so you can watch that log, too, for a fuller view of what's happening (/var/log/mail.log by default on an Ubuntu system). Dave On 2019-04-03 17:48, Dave Nelson via clamav-users wrote: You can configure a log specially for clamav, and that should be plenty. Also, you can install logwatch and get mail updates once a day or more often. You can also install netdata if you want to monitor in real time, or simply watch the output of 'tail -f /var/log/clamav/clamav.log' it's every server admin's pleasure and duty to watch his/her server's logs roll by in a terminal window periodically. ;-) Dave On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote: Logfiles are a place where a sysadmin notices a host running smoothly (lack of anything in logs) or has problems (error messages about the programs show up in the logs). Looks like you are trying to misuse logfiles as a place to put successful/unsuccessful output that's produced by a program. You'll want to create a separate log for your program, foo.log, and write it to /var/log/ directory. Others can comment about scanning a host every minute. Regards, Scott FROM: clamav-users ON BEHALF OF Kretschmer, Jens SENT: Wednesday, April 03, 2019 1:34 AM TO: clamav-users@lists.clamav.net SUBJECT: [External] [clamav-users] connect clamscan output to journal with systemd-cat Hi, I would like to redirect the output of clamscan to the journal, which should by possible by /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat --identifier="clamscan" or /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ While both commands work when executed manually in the terminal, the output is not redirected when executed by a cronjob. If I put the following line into the file /etc/cron.d/clamav * * * * * root /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ I can see that the clamscan process is started every minute, but the output is not redirected to the journal. If I put the line * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ Into the file /etc/cron.d/clamav, it is executed every minute as well and I can see the output of ls in the journal. Do you have any idea what could be causing the issue? Best regards, Jens ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -- With all best wishes, Dave ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -- With all best wishes, Dave ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] connect clamscan output to journal with systemd-cat
You can configure a log specially for clamav, and that should be plenty. Also, you can install logwatch and get mail updates once a day or more often. You can also install netdata if you want to monitor in real time, or simply watch the output of 'tail -f /var/log/clamav/clamav.log' it's every server admin's pleasure and duty to watch his/her server's logs roll by in a terminal window periodically. ;-) Dave On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote: Logfiles are a place where a sysadmin notices a host running smoothly (lack of anything in logs) or has problems (error messages about the programs show up in the logs). Looks like you are trying to misuse logfiles as a place to put successful/unsuccessful output that's produced by a program. You'll want to create a separate log for your program, foo.log, and write it to /var/log/ directory. Others can comment about scanning a host every minute. Regards, Scott FROM: clamav-users ON BEHALF OF Kretschmer, Jens SENT: Wednesday, April 03, 2019 1:34 AM TO: clamav-users@lists.clamav.net SUBJECT: [External] [clamav-users] connect clamscan output to journal with systemd-cat Hi, I would like to redirect the output of clamscan to the journal, which should by possible by /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat --identifier="clamscan" or /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ While both commands work when executed manually in the terminal, the output is not redirected when executed by a cronjob. If I put the following line into the file /etc/cron.d/clamav * * * * * root /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ I can see that the clamscan process is started every minute, but the output is not redirected to the journal. If I put the line * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ Into the file /etc/cron.d/clamav, it is executed every minute as well and I can see the output of ls in the journal. Do you have any idea what could be causing the issue? Best regards, Jens ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -- With all best wishes, Dave ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] connect clamscan output to journal with systemd-cat
Logfiles are a place where a sysadmin notices a host running smoothly (lack of anything in logs) or has problems (error messages about the programs show up in the logs). Looks like you are trying to misuse logfiles as a place to put successful/unsuccessful output that's produced by a program. You'll want to create a separate log for your program, foo.log, and write it to /var/log/ directory. Others can comment about scanning a host every minute. Regards, Scott From: clamav-users On Behalf Of Kretschmer, Jens Sent: Wednesday, April 03, 2019 1:34 AM To: clamav-users@lists.clamav.net Subject: [External] [clamav-users] connect clamscan output to journal with systemd-cat Hi, I would like to redirect the output of clamscan to the journal, which should by possible by /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat --identifier="clamscan" or /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ While both commands work when executed manually in the terminal, the output is not redirected when executed by a cronjob. If I put the following line into the file /etc/cron.d/clamav * * * * * root /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ I can see that the clamscan process is started every minute, but the output is not redirected to the journal. If I put the line * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ Into the file /etc/cron.d/clamav, it is executed every minute as well and I can see the output of ls in the journal. Do you have any idea what could be causing the issue? Best regards, Jens ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] connect clamscan output to journal with systemd-cat
Hi, I would like to redirect the output of clamscan to the journal, which should by possible by /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat --identifier="clamscan" or /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ While both commands work when executed manually in the terminal, the output is not redirected when executed by a cronjob. If I put the following line into the file /etc/cron.d/clamav * * * * * root /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/ I can see that the clamscan process is started every minute, but the output is not redirected to the journal. If I put the line * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ Into the file /etc/cron.d/clamav, it is executed every minute as well and I can see the output of ls in the journal. Do you have any idea what could be causing the issue? Best regards, Jens ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
