Thread: Logwatch issue

  1. #1
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402

    Logwatch issue

    Hi people,

    My daily logwatch report is not detecting ClamAV antivirus updates. The reports include a section like:

    --------------------- clam-update Begin ------------------------

    No updates detected in the log for the freshclam daemon (the
    ClamAV update process). If the freshclam daemon is not running,
    you may need to restart it. Other options:

    A. If you no longer wish to run freshclam, deleting the log file
    (default is freshclam.log) will suppress this error message.

    B. If you use a different log file, update the appropriate
    configuration file. For example:
    echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
    where log_file is the filename of the freshclam log file.

    C. If you are logging using syslog, you need to indicate that your
    log file uses the syslog format. For example:
    echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
    echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf

    ---------------------- clam-update End -------------------------
    Freshclam is running because

    Code:
    service freshclam status
    returns
    Code:
    freshclam (pid 26009) is running...
    When I do as in option B above:

    Code:
    echo "LogFile = freshclam.log" >> /etc/logwatch/conf/logfiles/freshclam.log.conf
    I get this error from Perl:

    Code:
    Unexpected filename: [[freshclam.log]]. Not used
    Can anybody tell me what is wrong here? I also use MailScanner; maybe that has got something to do with it.

    I already know about http://www.webhostingtalk.com/showthread.php?t=1159466

  2. #2
    Join Date
    Jul 2009
    Posts
    71
    Hi,

    Looks like you need to create a configuration file for the service at /etc/logwatch/conf/services/

  3. #3
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Originally posted by manhalab:
        Hi,

        Looks like you need to create a configuration file for the service at /etc/logwatch/conf/services/

    Tried that; it's producing an error, or I'm putting the wrong content in it.

    Code:
    LogFile = freshclam.log
    Filename: freshclam.log.conf

    I also noticed that for some reason my freshclam.log file gets deleted; no idea yet why.

  4. #4
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Found something interesting in /usr/mailscanner/lib/clamav-autoupdate

    Code:
    $logfile = "/var/log/freshclam.log";

    # some other lines of code here

    unlink($logfile); # that is why freshclam.log gets deleted
    But why on earth is that needed?

  5. #5
    Join Date
    Jul 2009
    Posts
    71
    When creating a custom logwatch file, you need to do the following:

    1. Create a file, e.g. "zpanel-httpd.conf", in the "default.conf/services" folder (for Ubuntu). The entry in the file should be:

    LogFile = zpanel-httpd

    and add other filters as required (you set the configuration filter here).

    2. Create zpanel-httpd.conf in the "default.conf/logfiles" folder.

    Here, define the logfile group with details of the log files to be used in the custom logwatch script.

    3. Create the "zpanel-httpd" Perl script in the "scripts/services" folder.

    Please note that the naming is important.
    Last edited by manhalab; 02-13-2014 at 04:17 AM.
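
Added example (not part of the thread and not Logwatch's own code): a small Python check of the three-file naming described in post #5. The `conf_root` and `scripts_root` parameters, the function names and the constructed demo tree are assumptions for illustration; the demo reproduces the misnamed `freshclam.log.conf` from the first post and then the correctly named group file.

```python
import re
import tempfile
from pathlib import Path

LOGFILE_RE = re.compile(r"^\s*LogFile\s*=\s*(\S+)", re.IGNORECASE)

def logfile_values(conf):
    """Return the value of every uncommented 'LogFile = ...' line in a conf file."""
    return [m.group(1) for line in conf.read_text().splitlines()
            if (m := LOGFILE_RE.match(line))]

def check_service(conf_root, scripts_root, service):
    """Return a list of naming problems for one service (empty list = consistent)."""
    conf_root, scripts_root = Path(conf_root), Path(scripts_root)
    svc_conf = conf_root / "services" / f"{service}.conf"
    if not svc_conf.is_file():
        return [f"missing services/{service}.conf"]
    problems = []
    groups = logfile_values(svc_conf)
    if not groups:
        problems.append(f"services/{service}.conf has no LogFile line")
    for group in groups:
        # The service conf names a logfile group; the group needs its own conf.
        grp_conf = conf_root / "logfiles" / f"{group}.conf"
        if not grp_conf.is_file():
            problems.append(f"missing logfiles/{group}.conf")
        elif not logfile_values(grp_conf):
            problems.append(f"logfiles/{group}.conf names no log file")
    if not (scripts_root / "services" / service).is_file():
        problems.append(f"missing scripts/services/{service}")
    return problems

def demo():
    """Build a constructed tree with the thread's misnamed file, then the fix."""
    with tempfile.TemporaryDirectory() as tmp:
        conf, scripts = Path(tmp, "conf"), Path(tmp, "scripts")
        for d in (conf / "services", conf / "logfiles", scripts / "services"):
            d.mkdir(parents=True)
        (conf / "services" / "clam-update.conf").write_text("LogFile = clam-update\n")
        (scripts / "services" / "clam-update").write_text("#!/usr/bin/perl\n")
        # Misnamed group file, as in the first post of the thread.
        (conf / "logfiles" / "freshclam.log.conf").write_text("LogFile = freshclam.log\n")
        before = check_service(conf, scripts, "clam-update")
        # Group file named after the group the service conf refers to.
        (conf / "logfiles" / "clam-update.conf").write_text("LogFile = freshclam.log\n")
        after = check_service(conf, scripts, "clam-update")
    return before, after

if __name__ == "__main__":
    print(demo())
```
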

  6. #6
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Code:
    *** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles/clam-update.log.conf file ?
    Yes, I have, but it doesn't work ....

    I'm on CentOS 6 by the way.

  7. #7
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Hi,

    --------------------- clam-update Begin ------------------------

    The following version(s) of the freshclam daemon were started
    0.98.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64): 12 Time(s)

    The ClamAV update process was started 21 time(s)

    Last ClamAV update process started at Thu Feb 13 23:02:28 2014

    Last Status:
    Using IPv6 aware code
    Querying current.cvd.clamav.net
    TTL: 1800
    Software version from DNS: 0.98.1
    main.cvd version from DNS: 55
    main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
    daily.cvd version from DNS: 18470
    daily.cvd is up to date (version: 18470, sigs: 696018, f-level: 63, builder: neo)
    bytecode.cvd version from DNS: 236
    bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
    Current working dir is /usr/local/share/clamav
    ERROR: Can't save PID to file /var/run/freshclam.pid: Permission denied
    Max retries == 5

    The following ERRORS and/or WARNINGS were detected when running the ClamAV update process. If these ERRORS and/or WARNINGS do not show up in the "Last Status" section above, then their underlying cause has probably been corrected.

    ERRORS:
    Can't save PID to file /var/run/freshclam.pid: Permission denied: 12 Time(s)

    WARNINGS:
    getfile: daily-18224.cdiff not found on remote server (IP: 212.71.0.66): 1 Time(s)
    getpatch: Can't download daily-18224.cdiff from db.be.clamav.net: 3 Time(s)
    Incremental update failed, trying to download daily.cvd: 1 Time(s)
    getfile: daily-18224.cdiff not found on remote server (IP: 193.1.193.64): 1 Time(s)

    ---------------------- clam-update End -------------------------
    Problem solved for 90%

    Code:
    mkdir /var/clamav/
    chown clamav:clamav /var/clamav/
    chmod 755 /var/clamav/
    cd /var/run/
    ln -s /var/clamav/freshclam.pid freshclam.pid
    pico -w /usr/local/etc/freshclam.conf   # set it to save the pid
    I'll have to wait for a ClamAV update to see if it's 100% solved.

  8. #8
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Problem solved

    Sun Feb 23 19:29:37 2014 -> Trying to download http://db.nl.clamav.net/daily-18509.cdiff (IP: 217.19.16.188)
    Sun Feb 23 19:29:37 2014 -> Downloading daily-18509.cdiff [100%]
    Sun Feb 23 19:29:37 2014 -> cdiff_apply: Parsed 604 lines and executed 604 commands
    Sun Feb 23 19:29:38 2014 -> daily.cld updated (version: 18509, sigs: 712374, f-level: 63, builder: neo)
    Sun Feb 23 19:29:38 2014 -> Querying daily.18509.76.1.0.D91310BC.ping.clamav.net
    Sun Feb 23 19:29:38 2014 -> bytecode.cvd version from DNS: 236
    Sun Feb 23 19:29:38 2014 -> bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
    Sun Feb 23 19:29:41 2014 -> Database updated (3136642 signatures) from db.nl.clamav.net (IP: 217.19.16.188)
    Sun Feb 23 19:29:41 2014 -> Clamd successfully notified about the update.
    Sun Feb 23 19:29:41 2014 -> --------------------------------------
    --------------------- clam-update Begin ------------------------

    The following version(s) of the freshclam daemon were started
    0.98.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64): 23 Time(s)

    The ClamAV update process was started 276 time(s)

    Last ClamAV update process started at Sun Feb 23 23:01:01 2014

    Last Status:
    Using IPv6 aware code
    Querying current.cvd.clamav.net
    TTL: 1800
    Software version from DNS: 0.98.1
    main.cvd version from DNS: 55
    main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
    daily.cvd version from DNS: 18487
    Retrieving http://db.nl.clamav.net/daily-18487.cdiff
    Trying to download http://db.nl.clamav.net/daily-18487.cdiff (IP: 80.69.69.11)
    Downloading daily-18487.cdiff [100%]
    cdiff_apply: Parsed 465 lines and executed 465 commands
    Loading signatures from daily.cld
    Properly loaded 703703 signatures from new daily.cld
    daily.cld updated (version: 18487, sigs: 703701, f-level: 63, builder: neo)
    Querying daily.18487.76.1.0.5045450B.ping.clamav.net
    bytecode.cvd version from DNS: 236
    bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
    Database updated (3127969 signatures) from db.nl.clamav.net (IP: 80.69.69.11)
    Clamd successfully notified about the update.
    Current working dir is /usr/local/share/clamav
    Max retries == 5

    ---------------------- clam-update End -------------------------
    Last edited by cpanellover; 02-23-2014 at 03:15 PM.
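
Added example (not part of the thread, and not ClamAV or Logwatch code): a stand-alone Python function that reads freshclam.log lines in the format quoted in the last post, reports the last signature update and any ERROR/WARNING lines, and flags the log as stale when no recent update is present, which also covers an empty or deleted log. The sample lines are constructed from lines shown in the thread, and the two-day `max_age` threshold and all function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Line shape as in the freshclam.log excerpt quoted in the thread:
#   "Sun Feb 23 19:29:38 2014 -> daily.cld updated (version: 18509, ...)"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
UPDATED_RE = re.compile(r"^(\w+\.c[lv]d) updated \(version: (\d+)")

# Constructed sample: the first line pairs a timestamp and an error that the
# thread shows separately; the other lines are copied from the last post.
SAMPLE = """\
Thu Feb 13 23:02:28 2014 -> ERROR: Can't save PID to file /var/run/freshclam.pid: Permission denied
Sun Feb 23 19:29:38 2014 -> daily.cld updated (version: 18509, sigs: 712374, f-level: 63, builder: neo)
Sun Feb 23 19:29:38 2014 -> bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
Sun Feb 23 19:29:41 2014 -> Database updated (3136642 signatures) from db.nl.clamav.net (IP: 217.19.16.188)
Sun Feb 23 19:29:41 2014 -> --------------------------------------
"""

def summarize(lines, now, max_age=timedelta(days=2)):
    """Summarize freshclam activity; max_age is an assumed staleness threshold."""
    last_update, versions, problems = None, {}, Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines without a timestamp prefix
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        updated = UPDATED_RE.match(msg)
        if updated:
            # A database file was replaced with a newer version.
            versions[updated.group(1)] = int(updated.group(2))
            last_update = stamp
        elif msg.startswith("Database updated"):
            last_update = stamp
        elif msg.startswith(("ERROR:", "WARNING:")):
            problems[msg] += 1
    # No update line at all (for example a deleted or empty log) counts as stale.
    stale = last_update is None or now - last_update > max_age
    return {"last_update": last_update, "versions": versions,
            "problems": dict(problems), "stale": stale}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines(), now=datetime(2014, 2, 24)))
```
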
