[Logwatch-Devel] clamav-update

Bjorn L. bl_logwatch at mblmail.net
Thu Mar 17 15:34:49 MST 2005



Bjorn L. wrote:
> As I alluded to earlier, the newer clamav puts the logs
> someplace else.  The attached patch is for
> conf/logfiles/clam-update.conf
> 
> The clam-update service file needs updating too, but at
> least the errors will show up now.  [It seems to me that
> you can print most of the last valid section in the
> freshclam.log file to reflect the current state, as
> opposed to try to parse the logs, like we usually do.

I decided to go ahead and code this.  I've attached
the new file for scripts/services/clam-update.

It should work for the current version 0.83 (previous
script was coded up to version 0.65, I think).
-------------- next part --------------

##########################################################################
## $Id: clam-update,v 1.10 2005/02/24 17:08:04 kirk Exp $
###########################################################################
#########################################################################
# clam-update script for Logwatch
# Analyzes the Clam Anti-Virus update log
#
# Version: 1.0.0
#    Initial release
# Version: 1.0.1
#    Add support for pre-0.65 database
#
# Originally written by: Lars Skjærlund <lars at skjaerlund.dk>
#
# Please send all comments, suggestions, bug reports,
#    etc, to logwatch-devel at logwatch.org
#########################################################################

#########################################################################
# This script is subject to the same copyright as Logwatch itself
#########################################################################

#########################################################################
# Files - all shown with default paths:
#
# /etc/log.d/conf/logfiles/clam-update.conf
# /etc/log.d/conf/services/clam-update.conf
# /etc/log.d/scripts/services/clam-update (this file)
#
# ... and of course
#
# /var/log/clamav/freshclam.log
#########################################################################

#########################################################################
# Important note:
#
# If no update attempt has been done, an alert will be output to inform
# you about this (which probably means that freshclam isn't running).
# 
# If you have stopped using ClamAV and would like to get rid of the 
# alert, you should delete the logfile. If there's no logfile, no alerts
# will be output - but if Logwatch finds a logfile and no update attempts
# have been made for whatever timeperiod Logwatch is analyzing, an alert
# will be output.
#########################################################################

use POSIX qw(strftime);

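# Default to 0 so the numeric comparison below is defined when Logwatch does not set a detail level
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;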

my $time          = time;
my $Date;
my $SearchDate;
my $InRange       = 0;
my $UpdatedNum    = 0;
my $Status        = "";
my $Version       = "";

my %Starts;
my %Errors;
my %Warnings;

my $range = $ENV{'LOGWATCH_DATE_RANGE'} || 'yesterday';

if ($range eq 'yesterday') {
   $SearchDate = strftime("%b %e", localtime($time-86400));
} elsif ($range eq 'today') {
   $SearchDate = strftime("%b %e", localtime($time));
} elsif ($range eq 'all') {
   $SearchDate = '... ..';
}

while (defined(my $ThisLine = <STDIN>)) {
   if (
       # separator of 38 dashes
       ($ThisLine =~ /^\-{38}$/) or
       # the following failure is also recorded with ERROR later on
       ($ThisLine =~ /^Giving up/) or
       # SIGALRM, SIGUSR1, and SIGHUP signals
       ($ThisLine =~ /^Received signal \d*, wake up$/) or
       ($ThisLine =~ /^Received signal \d*, re-opening log file$/) or
       # temporary failure
       ($ThisLine =~ /^Trying again/) ) {
      # Do nothing for the above statements
   } elsif ($ThisLine =~ /^Received signal \d*, terminating$/) {
      $InRange = 0;
      $Status = "Last Status:\n   Freshclam daemon was terminated, and is not currently running\n";
   } elsif ((my $Temp) = ($ThisLine =~ /^freshclam daemon (.*)/)) {
      # just set version for now, to be used later
      $Version = $Temp;
   } elsif (($Date) = ($ThisLine =~ /^ClamAV update process started at \w{3} (\w{3} [\d ]\d ..:..:.. \d{4})$/)) {
      if ($Date =~ $SearchDate) {
         $InRange = 1;
         $UpdatedNum++;
         $Status = "Last " . $ThisLine . "\nLast Status:\n";
         if ($Version) {
            # $Starts is only set if $Version was set just before the current update process
            $Starts{$Version}++;
         }
      } else {
         $InRange = 0;
      }
      # $Version was already logged if necessary, so now we clear it 
      $Version = "";
   } elsif ($InRange) {
      $Status = $Status . "   " . $ThisLine;
      chomp($ThisLine);
      if ((my $Text) = ($ThisLine =~ /^ERROR: (.*)/)) {
         $Errors{$Text}++;
      } elsif (($Text) = ($ThisLine =~ /^WARNING: (.*)/)) {
         $Warnings{$Text}++;
      }
   }
}


#####################################################################
if (keys %Starts) {
   print "\nThe following version(s) of the freshclam daemon were started\n";
   foreach my $Version (sort keys %Starts) {
      print "   $Version: $Starts{$Version} Time(s)\n";
   }
}

if ($UpdatedNum) {
   print "\nThe ClamAV update process was started $UpdatedNum time(s)\n";
}
else {
   print "\nThe ClamAV update process (freshclam daemon) was not running!\n";
   print "If you no longer wish to run freshclam, deleting the freshclam.log\n";
   print "file will suppress this error message.\n";
}

if ($Status) {
   print "\n" . $Status;
};

if ($Detail >= 10) {
   if ((keys %Errors) or (keys %Warnings)) {
      print "\nThe following ERRORS and/or WARNINGS were detected when\n";
      print "running the ClamAV update process.  If these ERRORS and/or\n";
      print "WARNINGS do not show up in the \"Last Status\" section above,\n";
      print "then their underlying cause has probably been corrected.\n";
   }

   if (keys %Errors) {
      print "\nERRORS:\n";
      foreach my $Text (keys %Errors) {
         print "   $Text: $Errors{$Text} Time(s)\n";
      }
   }

   if (keys %Warnings) {
      print "\nWARNINGS:\n";
      foreach my $Text (keys %Warnings) {
         print "   $Text: $Warnings{$Text} Time(s)\n";
      }
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et

