ClamAV Log Rotation (WAS: Antivirus suggestion...)
Wayne Sierke
ws+freebsd-questions at au.dyndns.ws
Tue Mar 16 15:28:57 PST 2004
On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
> Hope this is of some use:
>
<snip>
>
> Clamd log rotation:
>
> first and foremost, make sure that clamav is gonna drop a pidfile. in
> /usr/local/etc/clamav.conf, uncomment:
>
> # This option allows you to save the process identifier of the listening
> # daemon (main thread).
> PidFile /var/run/clamd.pid
>
> then, add the following (one line) to /etc/newsyslog.conf
>
> /var/log/clamd.log 644 3 * $W0D1 BJ \
> /var/run/clamd.pid 1
>
> this will rotate the log once a week, keep 3 of them (current log +3
> weeks). it will also compress the old one with bzip2 and SIGHUP the
> clamd process. seems to work just fine for me, running clamav-devel on
> -current (Mar 3 or so right now)
>
Here's what I got:
# ls -lrt /var/log/clamd*
-rw-r----- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
-rw-r----- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
# tail -n 6 /var/log/clamd.log.0
Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.
# portversion -v "clamav*"
clamav-0.67.1 = up-to-date with port
Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
like that version is needed to have the SIGHUP handling (according to
its NEWS file).
Wayne
More information about the freebsd-questions
mailing list