[clamav-users] PCI DSS - Configuring ClamAv Logs to be Retained for 12 Months
Gene Heskett
gheskett at wdtv.com
Sat Apr 25 14:25:26 UTC 2015
On Saturday 25 April 2015 04:58:17 Dale Carter wrote:
> In order for ClamAv to be considered PCI Compliant the logs need to be
> kept for 12 months, preferably on a remote server.
>
> How do I configure logs to be kept for this long or is there a way to
> do it using rsyslog to a remote server for ClamAV
I have no idea about its doing a whole year, but that IS what logrotate
is all about. The problem as I see it is the size of the storage needed
for that many generations of logs. On a busy server, huge could be an
underestimate.
Logrotate is, if anything, versatile; it's a bash script and I'd imagine it
wouldn't be too hard to write a rule that ran once a month or week to
move the older ones to a remote storage location. I would do that by
mv'ing the one to be moved to be log.xx until xx was 53, in which case
rm the zeroth copy, and mv the rest down by one to restore a zeroth
copy. In that manner the zeroth log would always be the oldest one, and
name-log.52.gz then the most recent as of the last run. GZip what's
being moved if logrotate has not already done so via its normal rules.
Bash is a very versatile language, bone up on that puppy.
I even write background daemons in it. I don't have to "go get my mail"
from any of my accounts. fetchmail runs every so many seconds, procmail
puts the stuff that survives spamassassin and clamscan
into /var/mail/$user, inotifywait tells bash it's there, and sends kmail
a getmail command over dbus or dcop. All I do is sit here, listen to
the beeps when a mail arrives, and answer a mail question like this if I
can suggest a way to do it.
Another bash script working on the same principle, prints any file
dropped into a directory created for that use, keeping a record that can
itself be reprinted, of the last 25 such items I printed.
> If anyone has configured these settings before, it would be a big
> help.
>
> Thanks
>
> Dale
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Gene's Web page <http://geneslinuxbox.net:6309/gene>
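The rolling archive Gene sketches (generation 00 is always the oldest, the newest is MAX-1, and when the archive is full the zeroth copy is removed and the rest shift down by one) written out as a script. This is an added example, not code from the thread or from the ClamAV project; the archive layout, the 53-generation default, the `clamav.log` basename and the helper names are assumptions. It is meant to be run weekly from cron after logrotate has rotated the ClamAV log, with the archive directory on the remote storage (an NFS or sshfs mount, say) so the copies live off-box.

```shell
#!/bin/sh
# Added example, not part of the original thread: a 53-generation rolling
# archive in the style described above. Slot 00 is always the oldest copy,
# slot MAX-1 the newest; when the archive is full the zeroth copy is removed
# and every other file moves down one slot. MAX_GENERATIONS, the directory
# layout and the default basename are assumptions for this example.
set -eu

MAX_GENERATIONS=${MAX_GENERATIONS:-53}   # 52 weeks of history plus the current week

# slot <dir> <base> <n>  ->  <dir>/<base>.NN.gz  (zero-padded so names sort correctly)
slot() {
    printf '%s/%s.%02d.gz\n' "$1" "$2" "$3"
}

# Usage: archive_log <source-log> <archive-dir> [basename]
# Moves <source-log> into <archive-dir> as <basename>.NN.gz, gzipping it
# unless logrotate already did, and keeps at most MAX_GENERATIONS files.
# Assumes the slots in <archive-dir> are contiguous from 00, which this
# function itself guarantees once it owns the directory.
archive_log() {
    src=$1; dir=$2; base=${3:-clamav.log}
    [ -f "$src" ] || { echo "archive_log: no such file: $src" >&2; return 1; }
    mkdir -p "$dir"

    # Count the generations already present.
    count=0
    for f in "$dir"/"$base".[0-9][0-9].gz; do
        if [ -f "$f" ]; then
            count=$((count + 1))
        fi
    done

    if [ "$count" -ge "$MAX_GENERATIONS" ]; then
        # Archive is full: drop the oldest copy, shift everything else down a slot.
        rm -f "$(slot "$dir" "$base" 0)"
        i=1
        while [ "$i" -lt "$MAX_GENERATIONS" ]; do
            from=$(slot "$dir" "$base" "$i")
            if [ -f "$from" ]; then
                mv "$from" "$(slot "$dir" "$base" $((i - 1)))"
            fi
            i=$((i + 1))
        done
        count=$((MAX_GENERATIONS - 1))
    fi

    dest=$(slot "$dir" "$base" "$count")
    if gzip -t "$src" 2>/dev/null; then
        mv "$src" "$dest"            # logrotate already compressed it
    else
        gzip -c "$src" > "$dest"     # compress on the way into the archive
        rm -f "$src"
    fi
    printf '%s\n' "$dest"
}

# oldest_entry <archive-dir> [basename]: first line of the oldest generation,
# a quick way to confirm the archive really reaches back the full year.
oldest_entry() {
    gzip -dc "$(slot "$1" "${2:-clamav.log}" 0)" | head -n 1
}

# Command-line use: archive.sh /var/log/clamav/clamav.log.1.gz /mnt/logarchive
if [ $# -ge 2 ]; then
    archive_log "$@"
fi
```

Two notes on where the log comes from. The file handed to `archive_log` is whatever logrotate produced (so `gzip -t` decides whether to compress again), and the output path it prints is what you would record in a cron job's own log. For the remote-syslog side of Dale's question, clamd.conf and freshclam.conf both accept `LogSyslog yes` in place of or alongside `LogFile`, after which a normal rsyslog forwarding rule on the host ships the entries to the central collector; the archive above is then the belt to that pair of braces.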