[Logwatch-Devel] Fwd: logwatch 7.3.6 patch to clean up clamav reporting

Kirk Bauer kirk at kaybee.org
Tue Feb 19 12:08:18 MST 2008


---------- Forwarded message ----------
From: Gilles Detillieux <grdetil at scrc.umanitoba.ca>
Date: Tue, 19 Feb 2008 12:22:39 -0600 (CST)
Subject: logwatch 7.3.6 patch to clean up clamav reporting
To: logwatch-patches at logwatch.org, bl_logwatch2 at mblmail.net
Cc: Gilles Detillieux <grdetil at scrc.umanitoba.ca>

This patch for logwatch 7.3.6 cleans up some clamav and clamav-milter
reporting to correctly report reloads, silence some unmatched entries
we don't care about, and ignore /tmp file messages in /var/tmp too.

--- logwatch/scripts/services/clamav.orig	2008-02-14 08:25:14.000000000 -0600
+++ logwatch/scripts/services/clamav	2008-02-19 11:04:38.000000000 -0600
@@ -31,14 +31,13 @@ while (defined($ThisLine = <STDIN>)) {
        ( $ThisLine =~ /^Loaded \d+ signatures/ ) or
        ( $ThisLine =~ /^Algorithmic detection enabled/ ) or
        ( $ThisLine =~ /^Mail: Recursion level limit set to \d+/ ) or
-       ( $ThisLine =~ /^Database correctly reloaded \(\d+ signatures\)/ ) or
        ( $ThisLine =~ /^No stats for Database check/ )) {
        # We do not care about these.
    } elsif (($Check) = ($ThisLine =~ /^SelfCheck: (.*?)\.?\s?\n/i)) {
       $SelfCheck{$Check}++;
    } elsif (($Virus) = ($ThisLine =~ /^.+?: (.*?) FOUND/i )) {
       $VirusList{$Virus}++;
-   } elsif (($Viruses) = ($ThisLine =~ /^Database correctly reloaded
\((\d+) viruses\)/i )) {
+   } elsif (($Viruses) = ($ThisLine =~ /^Database correctly reloaded
\((\d+) (viruses|signatures)\)/i )) {
       $DatabaseReloads++;
       $DatabaseViruses = $Viruses;
    } elsif (($ThisLine =~ /Stopped at/)) {
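Review bot: the added alternation (viruses|signatures) in the reload regex is a second capturing group that is never used; ($Viruses) only receives the first capture, so it would be clearer as a non-capturing group, (?:viruses|signatures). The '+' line carrying it (and the '-' line it replaces) is split across two lines as it appears here, which is likely to keep the hunk from applying and would put a line break inside the pattern; resending the patch as an attachment or with line wrapping disabled avoids that.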
--- logwatch/scripts/services/clamav-milter.orig	2008-02-14
08:25:14.000000000 -0600
+++ logwatch/scripts/services/clamav-milter	2008-02-19 11:34:48.000000000 -0600
@@ -17,7 +17,10 @@ while (defined($ThisLine = <STDIN>)) {
        ( $ThisLine =~ /^Quarantined infected mail as/ ) or
        ( $ThisLine =~ /^File quarantined as/ ) or
        ( $ThisLine =~ /^ClamAv: mi_stop/ ) or
-       ( $ThisLine =~ m#^\/tmp\/clamav-.* .* FOUND# )) {
+       ( $ThisLine =~ /^Database has changed, loading updated database/ ) or
+       ( $ThisLine =~ /^Loaded ClamAV .*\/.*\/.*/ ) or
+       ( $ThisLine =~ /^ClamAV: Protecting against \d+ viruses/ ) or
+       ( $ThisLine =~ m#\/tmp\/clamav-.* .* FOUND# )) {

        # We do not care about these.
    } elsif (($ThisLine =~ /clean message from/)) {
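Review bot: dropping the ^ anchor from the last pattern, m#\/tmp\/clamav-.* .* FOUND#, makes it match /tmp/clamav- anywhere in the line rather than only under /tmp and /var/tmp, so any FOUND entry that happens to contain that substring falls into the "We do not care about these" branch and disappears from the report. Keeping the anchor and making the prefix optional, m#^(?:\/var)?\/tmp\/clamav-.* .* FOUND#, covers the /var/tmp case from the description while staying narrow. The new /^Loaded ClamAV .*\/.*\/.*/ pattern is similarly loose and could be tightened to the fields it is meant to match.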
@@ -30,6 +33,9 @@ while (defined($ThisLine = <STDIN>)) {
       $DaemonStop++;
    } elsif (($ThisLine =~ /^Starting/)) {
       $DaemonStart++;
+   } elsif (($Viruses) = ($ThisLine =~ /^Database correctly reloaded
\((\d+) (viruses|signatures)\)/i )) {
+      $DatabaseReloads++;
+      $DatabaseViruses = $Viruses;
    } else {
       push @OtherList,$ThisLine;
    }
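Review bot: the new reload branch assigns $DatabaseReloads and $DatabaseViruses, but no hunk in this patch initializes or declares them in clamav-milter; if the script sets its other counters (such as $DaemonStart) up front, these two should be added there as well. The regex duplicates the one in the clamav script, including the unused second capture group, and its '+' line is also split in two as it appears here.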
@@ -44,6 +50,10 @@ if (($DaemonStart) and ($Detail >= 5)) {
    print "\nDaemon started: " . $DaemonStart . " Time(s)\n";
 }

+if (($DatabaseReloads) and ($Detail >= 10)) {
+   print "\nVirus database reloaded $DatabaseReloads time(s) (last
time with $DatabaseViruses viruses)\n";
+}
+
 if (keys %MaxChildrenLimit) {
    print "\nHit max-hildren limit:\n";
    foreach $Limit (sort {$a cmp $b} keys %MaxChildrenLimit) {
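Review bot: the new report line hard-codes the word "viruses", although the regex that fills $DatabaseViruses also accepts "signatures", so a log line reading "(N signatures)" is reported as "N viruses". Either capture the unit alongside the count and print it, or use wording that fits both. The $Detail >= 10 threshold also hides reloads at the level where "Daemon started" (>= 5) is shown, which deserves a comment if it is intended, and the print string is split across two lines as it appears here, which would put a newline into the middle of the output.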

-- 
Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)




-- 
Kirk Bauer <kirk at kaybee.org>
http://linux.kaybee.org | www.logwatch.org
Author, Automating UNIX & Linux Administration

