Date:      Mon, 15 Mar 2004 17:15:24 -0500
From:      "Jonathan T. Sage" <sagejona@theatre.msu.edu>
To:        Bart Silverstrim <bsilver@chrononomicon.com>, questions@freebsd.org
Subject:   ClamAV Log Rotation (WAS: Antivirus suggestion...)
Message-ID:  <40562AFC.4080004@theatre.msu.edu>
In-Reply-To: <588423B0-76AC-11D8-A92D-000A956D2452@chrononomicon.com>
References:  <000c01c2eafb$52cfdbc0$0401a8c0@bloodlust> <A2351FB4-768D-11D8-A92D-000A956D2452@chrononomicon.com> <4055EAFE.7050503@theatre.msu.edu> <8FDB539E-76AA-11D8-A92D-000A956D2452@chrononomicon.com> <4055EFAD.5080202@theatre.msu.edu> <588423B0-76AC-11D8-A92D-000A956D2452@chrononomicon.com>

Hope this is of some use:

Bart Silverstrim wrote:
>>>>> I haven't tried it on Exim, but I've had mostly good luck with 
>>>>> ClamAV (need to work on the log rotation question 
>>>>> I've posted previously about, though...)

>>>> Speaking of that log question, have you been able to prove 
>>>> (substantiate may be a better word) that this happens?  also note 
>>>> that newsyslog has the ability to -HUP a process when it rotates a 
>>>> log file (for details on how to do this, take a look at apache log 
>>>> rotation howtos).

>>> I have been seeing several posts to the clamav-users list about it 
>>> happening, that once it hits the quota limit for the logfile size 
>>> that it will stop working.  Has it happened to me yet? no...my 
>>> logfile hasn't reached the 5 meg limit yet :-)
>>> I do need to find a way to rotate the log though.  I'm just waiting 
>>> to find someone that can say "yes, I'm running clamav, and using 
>>> newsyslog to rotate the log, here's the line I use in the conf file 
>>> to do it and here's the line I use in the clamav.conf file to get it 
>>> to work..."

> Hey, if you get a working rotation configuration for Clamd, please do
> share! :-)  I've got a production server holding its own in proving 
> open source software is a viable alternative to the commercial fellas 
> for our school district, and I don't need to have our mail system go 
> belly up because of an overgrown logfile :-)

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile.  in 
/usr/local/etc/clamav.conf, uncomment:

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

/var/log/clamd.log  644  3  *  $W0D1  BJ  /var/run/clamd.pid  1

this will rotate the log once a week, keep 3 of them (current log +3 
weeks).  it will also compress the old one with bzip2 and SIGHUP the 
clamd process.  seems to work just fine for me, running clamav-devel on 
-current (Mar 3 or so right now)

~j

-- 
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design

[HTTP://www.JTSage.com]
[sagejona@msu.edu]
[See Headers for Contact Info]
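
Added example, not part of the original message: a POSIX sh check that the pid file named in the newsyslog.conf entry is the one clamd is configured to write, since a still-commented PidFile or a path mismatch means the rotation cannot deliver the SIGHUP to clamd. The function names and the sample files are constructed for illustration; the field layout follows newsyslog.conf(5), where the signal defaults to SIGHUP when omitted.

```shell
#!/bin/sh
# Added example: cross-check clamav.conf against newsyslog.conf.
# newsyslog.conf: name [owner:group] mode count size when [flags] [/pidfile] [signal]

# Print the active (uncommented) PidFile value from a clamav.conf-style file.
clamd_pidfile() {
    awk '$1 == "PidFile" { print $2; exit }' "$1"
}

# Print "<pidfile> <signal>" for the newsyslog.conf entry of log file $2.
newsyslog_entry() {
    awk -v name="$2" '
        $1 == name {
            i = ($2 ~ /:/) ? 7 : 6      # first field after "when"
            if ($i !~ /^\//) i++        # skip flags such as BJ
            pid = ($i == "") ? "-" : $i
            sig = ($(i + 1) == "") ? 1 : $(i + 1)   # default is SIGHUP
            print pid, sig
            exit
        }' "$1"
}

# Usage: check_clamd_rotation <clamav.conf> <newsyslog.conf> <logfile>
# Returns 0 when rotating <logfile> will SIGHUP the pid clamd writes.
check_clamd_rotation() {
    want=$(clamd_pidfile "$1")
    entry=$(newsyslog_entry "$2" "$3")
    [ -n "$want" ] || { echo "PidFile is not set (still commented out?)"; return 1; }
    [ -n "$entry" ] || { echo "no newsyslog entry for $3"; return 2; }
    got=${entry%% *}
    sig=${entry##* }
    [ "$got" = "$want" ] || { echo "pid file mismatch: $got vs $want"; return 3; }
    case $sig in 1|HUP|SIGHUP) ;; *) echo "signal $sig is not SIGHUP"; return 4 ;; esac
    echo "ok: rotating $3 will SIGHUP the pid in $want"
}

# Constructed sample files mirroring the two settings from the message.
# The quoted heredoc keeps the shell from expanding $W0D1.
demo_dir=$(mktemp -d)
cat > "$demo_dir/clamav.conf" <<'EOF'
# constructed sample
PidFile /var/run/clamd.pid
EOF
cat > "$demo_dir/newsyslog.conf" <<'EOF'
/var/log/clamd.log  644  3  *  $W0D1  BJ  /var/run/clamd.pid  1
EOF
check_clamd_rotation "$demo_dir/clamav.conf" "$demo_dir/newsyslog.conf" /var/log/clamd.log
```

On a live host, point the first two arguments at /usr/local/etc/clamav.conf and /etc/newsyslog.conf.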
