Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)
On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:

> On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
> > Hope this is of some use:
> >
> > Clamd log rotation:
> >
> > first and foremost, make sure that clamav is gonna drop a pidfile. in
> > /usr/local/etc/clamav.conf, uncomment:
> >
> > # This option allows you to save the process identifier of the listening
> > # daemon (main thread).
> > PidFile /var/run/clamd.pid
> >
> > then, add the following (one line) to /etc/newsyslog.conf
> >
> > /var/log/clamd.log 644 3 * $W0D1 BJ \
> > /var/run/clamd.pid 1
> >
> > this will rotate the log once a week, keep 3 of them (current log +3
> > weeks). it will also compress the old one with bzip2 and SIGHUP the
> > clamd process. seems to work just fine for me, running clamav-devel on
> > -current (Mar 3 or so right now)
>
> Here's what I got:
>
> # ls -lrt /var/log/clamd*
> -rw-r- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
> -rw-r- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
>
> # tail -n 6 /var/log/clamd.log.0
> Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
> Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
> Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.
>
> # portversion -v "clamav*"
> clamav-0.67.1 = up-to-date with port
>
> Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
> like that version is needed to have the SIGHUP handling (according to
> its NEWS file).

I suppose the next question is, how *should* I be doing the log rotation (if I do a ports update and it does indeed update to .70)...what entries in the newsyslog.conf file should be made and what, if anything, needs to be entered into the clamav file? I don't want to mix "workaround for not continuing to log" old method with new "works with sighup" method...

Thanks everyone!

-Bart
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)
Wayne Sierke wrote:

> > Clamd log rotation:
> >
> > first and foremost, make sure that clamav is gonna drop a pidfile. in
> > /usr/local/etc/clamav.conf, uncomment:
> >
> > # This option allows you to save the process identifier of the listening
> > # daemon (main thread).
> > PidFile /var/run/clamd.pid
> >
> > then, add the following (one line) to /etc/newsyslog.conf
> >
> > /var/log/clamd.log 644 3 * $W0D1 BJ \
> > /var/run/clamd.pid 1
> >
> > this will rotate the log once a week, keep 3 of them (current log +3
> > weeks). it will also compress the old one with bzip2 and SIGHUP the
> > clamd process. seems to work just fine for me, running clamav-devel on
> > -current (Mar 3 or so right now)
>
> Here's what I got:
>
> # ls -lrt /var/log/clamd*
> -rw-r- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
> -rw-r- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
>
> # tail -n 6 /var/log/clamd.log.0
> Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
> Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
> Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.
>
> # portversion -v "clamav*"
> clamav-0.67.1 = up-to-date with port
>
> Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
> like that version is needed to have the SIGHUP handling (according to
> its NEWS file).

Ah. Yes, when I wrote this, I was using clamav-devel, and the SIGHUP handling works fine there. Thanks for the info though.

~j

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design
[HTTP://www.JTSage.com]
[EMAIL PROTECTED]
[See Headers for Contact Info]
Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)
On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
> Hope this is of some use:
>
> Clamd log rotation:
>
> first and foremost, make sure that clamav is gonna drop a pidfile. in
> /usr/local/etc/clamav.conf, uncomment:
>
> # This option allows you to save the process identifier of the listening
> # daemon (main thread).
> PidFile /var/run/clamd.pid
>
> then, add the following (one line) to /etc/newsyslog.conf
>
> /var/log/clamd.log 644 3 * $W0D1 BJ \
> /var/run/clamd.pid 1
>
> this will rotate the log once a week, keep 3 of them (current log +3
> weeks). it will also compress the old one with bzip2 and SIGHUP the
> clamd process. seems to work just fine for me, running clamav-devel on
> -current (Mar 3 or so right now)

Here's what I got:

# ls -lrt /var/log/clamd*
-rw-r- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
-rw-r- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0

# tail -n 6 /var/log/clamd.log.0
Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.

# portversion -v "clamav*"
clamav-0.67.1 = up-to-date with port

Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file).

Wayne
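
The symptom in the listing above (an empty clamd.log while clamd.log.0 keeps receiving entries after the rotation) can be checked mechanically, which matters for a scanner whose detections would otherwise go unlogged without anyone noticing. The script below is an added example, not part of the thread or of ClamAV; the function names are hypothetical, and the default paths and the `.0` suffix are the ones shown in the messages.

```shell
#!/bin/sh
# Added example (not from the thread): post-rotation health checks for a
# daemon log rotated by newsyslog. Default paths are the ones in the thread.

# Return 0 if PIDFILE names a live process that newsyslog could signal.
# kill -0 sends no signal, it only tests; run as root or as the daemon's
# user, otherwise a live process owned by someone else reads as dead.
pidfile_alive() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -cd '0-9')
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Print one verdict for LOG and its newest rotated sibling LOG.0:
#   ok       LOG is at least as new as LOG.0
#   stale    LOG.0 was modified after LOG: the daemon is still writing to
#            the rotated file, so it did not switch to the new log
#   unknown  LOG or LOG.0 is missing (not rotated yet, or already compressed)
rotation_status() {
    log=$1
    if [ ! -f "$log" ] || [ ! -f "$log.0" ]; then
        echo unknown
    elif [ -n "$(find "$log.0" -newer "$log")" ]; then
        echo stale
    else
        echo ok
    fi
}

# Combined check; returns 0 only when the pidfile is usable and the log
# is not stale.
check_clamd_rotation() {
    log=${1:-/var/log/clamd.log}
    pidfile=${2:-/var/run/clamd.pid}
    rc=0
    if ! pidfile_alive "$pidfile"; then
        echo "pidfile $pidfile: no live process, newsyslog cannot signal clamd"
        rc=1
    fi
    verdict=$(rotation_status "$log")
    echo "log $log: $verdict"
    [ "$verdict" = stale ] && rc=1
    return $rc
}
```

Calling `check_clamd_rotation` from cron an hour or so after the scheduled rotation gives the daemon time to write at least one SelfCheck line, so a `stale` verdict reflects real writes to the old file.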