[Logwatch] Logwatch - clam-update script v1.16
bl_logwatch at mblmail.net
Fri Sep 15 09:21:50 MST 2006
So I chose the first option. The clam-update service now prints
instructions on how to update the config file, since it needs
to be modified anyway to update the name of the log file.
Ann Hopkins wrote:
> Whatever you would like to do is fine.
> Copying the "services/clam-update.conf" to
> "etc/logwatch/conf/services" and modifying it worked quite well.
> I don't mind making "/etc/logwatch/conf/logfile/clam-update.conf" to
> match the file.
> I guess which is more compatible should drive how you modify it, or
> setting up an instruction comment might work. Using syslog and one
> file seemed a lot easier to manage for me.
> Thanks for being prompt.
> Bjorn L. wrote:
>>Thanks for the log.
>>I see the issue. Logwatch currently assumes that it logs
>>using the default logger for clamav, not the syslog logger.
>>So Logwatch does not look for the right format - it assumes
>>that the log entries do not have the syslog prefix (date,
>>host, daemon, etc.)
>>Three solutions come to mind:
>>- Change the config files by adding a new logfile type,
>> which processes other files, using
>> *OnlyService = freshclam
>>- Modify the service script to search for the syslog
>> prefix (and freshclam daemon) and remove it before
>> further processing
>>- Change all the regexps to not use the '^' that forces
>> it to match at the beginning of the line. The issue
>> that arises is that other services/daemons might
>> match (on something that has the word "ERROR", for
>>The first one may sound cleaner, but there is no
>>default log file for it (local6.log, in your case).
>>I'm inclined to do the second one. It would still
>>require you to declare "LogFile = local6.log".
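The second option from the quoted message (remove the syslog prefix and the freshclam daemon tag first, then keep the '^'-anchored patterns) can be illustrated as below. This is an added example, not Logwatch's own clam-update script; the sample log lines, the two patterns and the function name strip_syslog_prefix are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Logwatch's clam-update script.
use strict;
use warnings;

# Constructed sample lines: two freshclam entries logged through syslog,
# one entry from an unrelated daemon that also says "ERROR", and one entry
# in the non-syslog format (no date/host/daemon prefix).
my @lines = (
    'Sep 15 09:00:01 mailhost freshclam[2314]: Database updated (12345 signatures) from db.example.invalid',
    'Sep 15 09:00:02 mailhost freshclam[2314]: ERROR: Connection with db.example.invalid failed',
    'Sep 15 09:00:03 mailhost otherd[991]: ERROR: unrelated failure',
    'ERROR: Update failed',
);

# Hypothetical helper. Returns the message with the syslog prefix removed,
# the line unchanged if it carries no syslog prefix, or undef if the line
# was written by a daemon other than freshclam.
sub strip_syslog_prefix {
    my ($line) = @_;
    if ($line =~ /^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\s([^\s\[:]+)(?:\[\d+\])?:\s(.*)$/) {
        my ($daemon, $msg) = ($1, $2);
        return $daemon eq 'freshclam' ? $msg : undef;
    }
    return $line;
}

my %count;
for my $line (@lines) {
    my $msg = strip_syslog_prefix($line);
    next unless defined $msg;    # another daemon's entry: never reaches the patterns

    # The patterns stay anchored with '^', so "ERROR" appearing elsewhere
    # in a message, or in another daemon's line, is not counted.
    if    ($msg =~ /^ERROR: /)           { $count{error}++ }
    elsif ($msg =~ /^Database updated /) { $count{updated}++ }
    else                                 { $count{unmatched}++ }
}

printf "%s: %d\n", $_, $count{$_} for sort keys %count;
```

Dropping the '^' from the patterns instead (the third option) would let the otherd line count as a freshclam error, which is the cross-daemon match the quoted message warns about.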