From: Bart Silverstrim
Date: Wed, 17 Mar 2004 10:01:44 -0500
To: Wayne Sierke
cc: questions@freebsd.org
Subject: Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)

On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:

> On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
>> Hope this is of some use:
>>
>> Clamd log rotation:
>>
>> first and foremost, make sure that clamav is gonna drop a pidfile. in
>> /usr/local/etc/clamav.conf, uncomment:
>>
>> # This option allows you to save the process identifier of the listening
>> # daemon (main thread).
>> PidFile /var/run/clamd.pid
>>
>> then, add the following (one line) to /etc/newsyslog.conf
>>
>> /var/log/clamd.log 644 3 * $W0D1 BJ \
>> /var/run/clamd.pid 1
>>
>> this will rotate the log once a week, keep 3 of them (current log +3
>> weeks). it will also compress the old one with bzip2 and SIGHUP the
>> clamd process. seems to work just fine for me, running clamav-devel on
>> -current (Mar 3 or so right now)
>>
> Here's what I got:
>
> # ls -lrt /var/log/clamd*
> -rw-r----- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
> -rw-r----- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
>
> # tail -n 6 /var/log/clamd.log.0
> Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened.
> Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed.
> Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK.
>
> # portversion -v "clamav*"
> clamav-0.67.1 = up-to-date with port
>
>
> Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
> like that version is needed to have the SIGHUP handling (according to
> its NEWS file).
>

I suppose the next question is, how *should* I be doing the log rotation (if I do a ports update and it does indeed update to .70)...what entries in the newsyslog.conf file should be made and what, if anything, needs to be entered into the clamav file? I don't want to mix "workaround for not continuing to log" old method with new "works with sighup" method...

Thanks everyone!
-Bart
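
A check for the state shown in the quoted listing (an empty clamd.log next to a more recently written clamd.log.0, and an accept() error logged right after the SIGHUP), as an added example that is not part of this thread or of ClamAV. The function name and status words are this example's own, and it assumes the rotated file is named `<log>.0` and left uncompressed, as in that listing.

```shell
#!/bin/sh
# Added example: detect a clamd log rotation that did not take effect.
# Assumption: newsyslog leaves the previous log at "<log>.0", uncompressed.

# rotation_status LOG
# Prints one of: no-log | no-rotation | stale-handle | accept-failed | ok
# Returns non-zero when the scanner's log needs attention.
rotation_status() {
    log=$1
    old=$1.0

    [ -f "$log" ] || { echo no-log; return 2; }
    [ -f "$old" ] || { echo no-rotation; return 0; }

    # The daemon is still appending to the rotated file: the new log is
    # empty while the old one has the more recent modification time.
    if [ ! -s "$log" ] && [ "$old" -nt "$log" ]; then
        echo stale-handle
        return 1
    fi

    # A SIGHUP line followed directly by an accept() error means the
    # signal disturbed the listening socket, so scanning may have stopped.
    if awk '
        /SIGHUP catched/ { hup = 1; next }
        hup && /ERROR: accept\(\) failed/ { bad = 1 }
        { hup = 0 }
        END { exit (bad ? 0 : 1) }' "$old" "$log"; then
        echo accept-failed
        return 1
    fi

    echo ok
}
```

Run `rotation_status /var/log/clamd.log` from cron shortly after the scheduled newsyslog rotation and alert on a non-zero return, since either condition means the scanner's activity is no longer being recorded where it is expected.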