[clamav-users] connect clamscan output to journal with systemd-cat

Franky Van Liedekerke liedekef at telenet.be
Thu Apr 4 09:02:57 UTC 2019 

Do you want the info in journald or just in syslog? Because
rsyslog can monitor logfiles directly too.
Your call to clamscan from cron might refuse to output info (because
no tty perhaps), maybe first try to get logs from clamscan via cron
directly?

Franky



Op Donderdag, 04-04-2019 om 09:46 schreef Kretschmer, Jens:


I probably should have mentioned that this was a minimum non-working
example, which would _never_ be used on a production system. I thought
that that was pretty obvious...
The output is actually stored in a separate log file and not with the
syslog. If you knew the complete setup, you would agree with my use of
systemd-cat.

Does anybody have any ideas how I can solve my problem?

Best regards,
Jens

-----Original Message-----
From: Dave Nelson 
	*  
Sent: Wednesday, April 3, 2019 5:21 PM
To: ClamAV users ML 
Subject: Re: [clamav-users] connect clamscan output to journal with
systemd-cat

Also, it should be totally unnecessary to scan your filesystem every
minute, and will place an unnecessary load on your server. Postfix (or
whatever) will run clamav when it needs to. And you can maybe run a
full scan on your filesystem once every 24 hours if you feel paranoid.

(IMHO.)
Postfix will log every detection of an incoming virus, so you can
watch that log, too, for a fuller view of what's happening
(/var/log/mail.log by default on an Ubuntu system).
Dave

On 2019-04-03 17:48, Dave Nelson via clamav-users wrote:
> You can configure a log specially for clamav, and that should be 
> plenty. Also, you can install logwatch and get mail updates once a
day 
> or more often. You can also install netdata if you want to monitor
in 
> real time, or simply watch the output of 'tail -f 
> /var/log/clamav/clamav.log' .... it's every server admin's pleasure 
> and duty to watch his/her server's logs roll by in a terminal window

> periodically. ;-) Dave
> 
> On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote:
>> Logfiles are a place where a sysadmin notices a host running
smoothly 
>> (lack of anything in logs) or has problems (error messages about
the 
>> programs show up in the logs).
>> 
>> Looks like you are trying to misuse logfiles as a place to put 
>> successful/unsuccessful output that's produced by a program.
>> 
>> You'll want to create a separate log for your program, foo.log, and

>> write it to /var/log/ directory.
>> 
>> Others can comment about scanning a host every minute.
>> 
>> Regards, Scott
>> 
>> FROM: clamav-users  ON BEHALF 
>> OF Kretschmer, Jens
>> SENT: Wednesday, April 03, 2019 1:34 AM
>> TO: clamav-users at lists.clamav.net
>> SUBJECT: [External] [clamav-users] connect clamscan output to
journal 
>> with systemd-cat
>> 
>> Hi,
>> 
>> I would like to redirect the output of clamscan to the journal,
which 
>> should by possible by
>> 
>> /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat 
>> --identifier="clamscan"
>> 
>> or
>> 
>> /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r 
>> /root/
>> 
>> While both commands work when executed manually in the terminal,
the 
>> output is not redirected when executed by a cronjob. If I put the 
>> following line into the file /etc/cron.d/clamav
>> 
>> * * * * * root /usr/bin/systemd-cat --identifier="clamscan"
>> /usr/bin/clamscan -r /root/
>> 
>> I can see that the clamscan process is started every minute, but
the 
>> output is not redirected to the journal.
>> 
>> If I put the line
>> 
>> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls
/root/
>> 
>> Into the file /etc/cron.d/clamav, it is executed every minute as
well 
>> and I can see the output of ls in the journal.
>> 
>> Do you have any idea what could be causing the issue?
>> 
>> Best regards,
>> Jens
>> 
>> _______________________________________________
>> 
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> --
> With all best wishes,
> Dave
> 
> _______________________________________________
> 
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

--
With all best wishes,
Dave


_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190404/acfa57d1/attachment.htm>

More information about the clamav-users mailing list