Date: Wed, 17 Mar 2004 09:58:35 +1030 From: Wayne Sierke <ws+freebsd-questions@au.dyndns.ws> To: "Jonathan T. Sage" <sagejona@theatre.msu.edu> Cc: Bart Silverstrim <bsilver@chrononomicon.com> Subject: Re: ClamAV Log Rotation (WAS: Antivirus suggestion...) Message-ID: <1079479714.3992.138.camel@ovirt.dyndns.ws> In-Reply-To: <40562AFC.4080004@theatre.msu.edu> References: <000c01c2eafb$52cfdbc0$0401a8c0@bloodlust> <A2351FB4-768D-11D8-A92D-000A956D2452@chrononomicon.com> <4055EAFE.7050503@theatre.msu.edu> <8FDB539E-76AA-11D8-A92D-000A956D2452@chrononomicon.com> <4055EFAD.5080202@theatre.msu.edu> <588423B0-76AC-11D8-A92D-000A956D2452@chrononomicon.com> <40562AFC.4080004@theatre.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote: > Hope this is of some use: > <snip> > > Clamd log rotation: > > first and foremost, make sure that clamav is gonna drop a pidfile. in > /usr/local/etc/clamav.conf, uncomment: > > # This option allows you to save the process identifier of the listening > # daemon (main thread). > PidFile /var/run/clamd.pid > > then, add the following (one line) to /etc/newsyslog.conf > > /var/log/clamd.log 644 3 * $W0D1 BJ \ > /var/run/clamd.pid 1 > > this will rotate the log once a week, keep 3 of them (current log +3 > weeks). it will also compress the old one with bzip2 and SIGHUP the > clamd process. seems to work just fine for me, running clamav-devel on > -current (Mar 3 or so right now) > Here's what I got: # ls -lrt /var/log/clamd* -rw-r----- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log -rw-r----- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0 # tail -n 6 /var/log/clamd.log.0 Wed Mar 17 05:58:54 2004 -> SelfCheck: Database status OK. Wed Mar 17 06:00:00 2004 -> SIGHUP catched: log file re-opened. Wed Mar 17 06:00:00 2004 -> ERROR: accept() failed. Wed Mar 17 06:59:32 2004 -> SelfCheck: Database status OK. Wed Mar 17 08:00:10 2004 -> SelfCheck: Database status OK. Wed Mar 17 09:00:48 2004 -> SelfCheck: Database status OK. # portversion -v "clamav*" clamav-0.67.1 = up-to-date with port Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file). Wayne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1079479714.3992.138.camel>