ClamAV Log Rotation (WAS: Antivirus suggestion...)

Bart Silverstrim bsilver at chrononomicon.com
Wed Mar 17 07:02:02 PST 2004


On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:

> On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
>> Hope this is of some use:
>>
> <snip>
>>
>> Clamd log rotation:
>>
>> first and foremost, make sure that clamav is gonna drop a pidfile.  in
>> /usr/local/etc/clamav.conf, uncomment:
>>
>> # This option allows you to save the process identifier of the listening
>> # daemon (main thread).
>> PidFile /var/run/clamd.pid
>>
>> then, add the following (one line) to /etc/newsyslog.conf
>>
>> /var/log/clamd.log    644  3     *    $W0D1 BJ /var/run/clamd.pid  1
>>
>> this will rotate the log once a week, keep 3 of them (current log +3
>> weeks).  it will also compress the old one with bzip2 and SIGHUP the
>> clamd process.  seems to work just fine for me, running clamav-devel on
>> -current (Mar 3 or so right now)
>>
> Here's what I got:
>
> # ls -lrt /var/log/clamd*
> -rw-r-----  1 clamav  clamav      0 Mar 17 06:00 /var/log/clamd.log
> -rw-r-----  1 clamav  clamav  35873 Mar 17 09:00 /var/log/clamd.log.0
>
> # tail -n 6 /var/log/clamd.log.0
> Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
> Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
> Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.
>
> # portversion -v "clamav*"
>  clamav-0.67.1               =  up-to-date with port
>
>
> Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
> like that version is needed to have the SIGHUP handling (according to
> its NEWS file).
>
>

I suppose the next question is, how *should* I be doing the log 
rotation (if I do a ports update and it does indeed update to 
.70)...what entries in the newsyslog.conf file should be made and what, 
if anything, needs to be entered into the clamav file?

I don't want to mix "workaround for not continuing to log" old method 
with new "works with sighup" method...

Thanks everyone!
-Bart
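
Added example, not part of the original message or thread: the listing Wayne quotes shows the symptom worth checking for after any change to the rotation setup, an empty clamd.log while clamd.log.0 keeps being written. This POSIX sh script flags that condition; the function names are hypothetical, and it assumes the rotated file is uncompressed, as in that listing.

```shell
#!/bin/sh
# Added example (not from the thread): detect a daemon that kept its old
# log file open across a newsyslog rotation.

# Message text as it appears in the clamd 0.67.1 log quoted in the thread.
REOPEN_MSG='SIGHUP catched: log file re-opened'

# Print how many lines follow the last re-open message in a rotated log.
# Prints 0 when the message is absent or is the final line.
lines_after_reopen() {
    awk -v msg="$REOPEN_MSG" '
        index($0, msg) { n = 0; seen = 1; next }
        seen           { n++ }
        END            { print n + 0 }' "$1"
}

# check_rotation LIVE ROTATED
# Returns 0 = rotation looks healthy, 1 = rotated file still growing,
# 2 = a file is missing so nothing can be concluded.
check_rotation() {
    live=$1
    rotated=$2
    if [ ! -e "$live" ] || [ ! -e "$rotated" ]; then
        echo "UNKNOWN: $live or $rotated is missing"
        return 2
    fi
    # A rotated file should stop changing at rotation time. If it is newer
    # than the live log, something still holds it open and appends to it.
    if [ "$rotated" -nt "$live" ]; then
        extra=$(lines_after_reopen "$rotated")
        echo "STALE: $rotated modified after $live ($extra lines after re-open message)"
        return 1
    fi
    echo "OK: $live is the file being written"
    return 0
}

# Usage: sh check_rotation.sh /var/log/clamd.log /var/log/clamd.log.0
if [ "$#" -eq 2 ]; then
    check_rotation "$1" "$2"
fi
```

A return of 1 means log entries, including scan results, are landing in a file that the next rotation will age out early, so the daemon needs a restart or a version that re-opens its log on SIGHUP.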


