[Logwatch] Logwatch - clam-update script v1.16

Bjorn L. bl_logwatch at mblmail.net
Fri Sep 15 09:21:50 MST 2006


So I chose the first option.  The clam-update service now prints
instructions on how to update the config file, since it needs
to be modified anyway to update the name of the log file.


Ann Hopkins wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Whatever you would like to do is fine.
> 
> Copying the "services/clam-update.conf" to
> "etc/logwatch/conf/services" and modifying it worked quite well.
> 
> I don't mind making "/etc/logwatch/conf/logfile/clam-update.conf" to
> match the file.
> 
> I guess which is more compatible should drive how you modify it, or
> setting up an instruction comment might work.  Using syslog and one
> file seemed a lot easier to manage for me.
> 
> 
> Thanks for being prompt.
> 
> 
> 
> Bjorn L. wrote:
> 
>>Thanks for the log.
>>
>>I see the issue.  Logwatch currently assumes that it logs
>>using the default logger for clamav, not the syslog logger.
>>So Logwatch does not look for the right format - it assumes
>>that the log entries do not have the syslog prefix (date,
>>host, daemon, etc.)
>>
>>Three solutions come to mind:
>>
>>- Change the config files by adding a new logfile type,
>>  which process other files, using
>>       *OnlyService = freshclam
>>       *RemoveHeaders
>>
>>- Modify the service script to search for the syslog
>>  prefix (and freshclam daemon) and remove it before
>>  further processing
>>
>>- Change all the regexps to not use the '^' that forces
>>  it to match at the beginning of the line.  The issue
>>  that arises is that other services/daemons might
>>  match (on something that has the word "ERROR", for
>>  example.
>>
>>The first one may sound cleaner, but there is no
>>default log file for it (local6.log, in your case).
>>
>>I'm inclined to do the second one.  It would still
>>require you to declare "LogFile = local6.log".
>>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFFB5Iphs7JGk93PT0RAtfrAKCgeg33Z84II1yRr4KmCK1QQeI4vACg2SaK
> f+Pu9fqNFSOnsOBAfUy5+z4=
> =s6SG
> -----END PGP SIGNATURE-----
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:8080/lists/listinfo/logwatch



More information about the Logwatch mailing list