[clamav-users] connect clamscan output to journal with systemd-cat

Kretschmer, Jens kretschmer.jens at siemens.com
Thu Apr 4 07:46:10 UTC 2019 

I probably should have mentioned that this was a minimum non-working example, which would _never_ be used on a production system. I thought that that was pretty obvious...
The output is actually stored in a separate log file and not with the syslog. If you knew the complete setup, you would agree with my use of systemd-cat.

Does anybody have any ideas how I can solve my problem?

Best regards,
Jens

-----Original Message-----
From: Dave Nelson <lists at traduction.biz> 
Sent: Wednesday, April 3, 2019 5:21 PM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] connect clamscan output to journal with systemd-cat

Also, it should be totally unnecessary to scan your filesystem every minute, and will place an unnecessary load on your server. Postfix (or
whatever) will run clamav when it needs to. And you can maybe run a full scan on your filesystem once every 24 hours if you feel paranoid. 
(IMHO.)
Postfix will log every detection of an incoming virus, so you can watch that log, too, for a fuller view of what's happening (/var/log/mail.log by default on an Ubuntu system).
Dave

On 2019-04-03 17:48, Dave Nelson via clamav-users wrote:
> You can configure a log specially for clamav, and that should be 
> plenty. Also, you can install logwatch and get mail updates once a day 
> or more often. You can also install netdata if you want to monitor in 
> real time, or simply watch the output of 'tail -f 
> /var/log/clamav/clamav.log' .... it's every server admin's pleasure 
> and duty to watch his/her server's logs roll by in a terminal window 
> periodically. ;-) Dave
> 
> On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote:
>> Logfiles are a place where a sysadmin notices a host running smoothly 
>> (lack of anything in logs) or has problems (error messages about the 
>> programs show up in the logs).
>> 
>> Looks like you are trying to misuse logfiles as a place to put 
>> successful/unsuccessful output that's produced by a program.
>> 
>> You'll want to create a separate log for your program, foo.log, and 
>> write it to /var/log/ directory.
>> 
>> Others can comment about scanning a host every minute.
>> 
>> Regards, Scott
>> 
>> FROM: clamav-users <clamav-users-bounces at lists.clamav.net> ON BEHALF 
>> OF Kretschmer, Jens
>> SENT: Wednesday, April 03, 2019 1:34 AM
>> TO: clamav-users at lists.clamav.net
>> SUBJECT: [External] [clamav-users] connect clamscan output to journal 
>> with systemd-cat
>> 
>> Hi,
>> 
>> I would like to redirect the output of clamscan to the journal, which 
>> should by possible by
>> 
>> /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat 
>> --identifier="clamscan"
>> 
>> or
>> 
>> /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r 
>> /root/
>> 
>> While both commands work when executed manually in the terminal, the 
>> output is not redirected when executed by a cronjob. If I put the 
>> following line into the file /etc/cron.d/clamav
>> 
>> * * * * * root /usr/bin/systemd-cat --identifier="clamscan"
>> /usr/bin/clamscan -r /root/
>> 
>> I can see that the clamscan process is started every minute, but the 
>> output is not redirected to the journal.
>> 
>> If I put the line
>> 
>> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/
>> 
>> Into the file /etc/cron.d/clamav, it is executed every minute as well 
>> and I can see the output of ls in the journal.
>> 
>> Do you have any idea what could be causing the issue?
>> 
>> Best regards,
>> Jens
>> 
>> _______________________________________________
>> 
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> --
> With all best wishes,
> Dave
> 
> _______________________________________________
> 
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

--
With all best wishes,
Dave

More information about the clamav-users mailing list