Thread: Logwatch issue
-
02-12-2014, 10:23 AM #1 Aspiring Evangelist
- Join Date
- Aug 2005
- Location
- behind my screen
- Posts
- 402
Logwatch issue
Hi people,
My daily logwatch report is not detecting ClamAV antivirus updates. The reports include a section like
--------------------- clam-update Begin ------------------------
No updates detected in the log for the freshclam daemon (the
ClamAV update process). If the freshclam daemon is not running,
you may need to restart it. Other options:
A. If you no longer wish to run freshclam, deleting the log file
(default is freshclam.log) will suppress this error message.
B. If you use a different log file, update the appropriate
configuration file. For example:
echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
where log_file is the filename of the freshclam log file.
C. If you are logging using syslog, you need to indicate that your
log file uses the syslog format. For example:
echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf
---------------------- clam-update End -------------------------
Code:
service freshclam status
Code:
freshclam (pid 26009) is running...
Code:
echo "LogFile = freshclam.log" >> /etc/logwatch/conf/logfiles/freshclam.log.conf
Code:
Unexpected filename: [[freshclam.log]]. Not used
I already know about http://www.webhostingtalk.com/showthread.php?t=1159466
-
02-12-2014, 10:47 AM #2 Junior Guru Wannabe
- Join Date
- Jul 2009
- Posts
- 71
Hi,
Looks like you need to create a configuration file for the service at /etc/logwatch/conf/services/
-
02-12-2014, 11:09 AM #3 Aspiring Evangelist
-
02-12-2014, 03:47 PM #4 Aspiring Evangelist
Found something interesting in /usr/mailscanner/lib/clamav-autoupdate
Code:
$logfile = "/var/log/freshclam.log";
# some other lines of code here
unlink($logfile); # that is why freshclam.log gets deleted
-
02-13-2014, 04:12 AM #5 Junior Guru Wannabe
When creating a custom logwatch file, you need to do the following:
1. Create a file, e.g. "zpanel-httpd.conf", in the "default.conf/services" folder (for Ubuntu). The entry in the file should be:
LogFile = zpanel-httpd
and add other filters as required (you set the configuration filter here).
2. Create zpanel-httpd.conf in the "default.conf/logfiles" folder.
Here, define the logfile group with details of the log files to be used in the custom logwatch script.
3. Create a "zpanel-httpd" Perl script in the "scripts/services" folder.
Please note that the naming is important.
Last edited by manhalab; 02-13-2014 at 04:17 AM.
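The three-file naming rule from the post above, as an added example that is not part of the original thread: a small checker that follows the service config's `LogFile` group name to the matching logfile group config and filter script. The function names and the demo tree are constructed for illustration, and the check assumes one configuration directory, whereas a real install merges /etc/logwatch/conf with the packaged default.conf.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a logwatch service's
# three files agree by name. CONF and SCRIPTS are directories you pass in,
# e.g. /etc/logwatch/conf and /etc/logwatch/scripts.

# Print the value of the first "LogFile = ..." line in a config file.
logfile_value() {
    sed -n 's/^[[:space:]]*LogFile[[:space:]]*=[[:space:]]*//p' "$1" | sed -n '1p'
}

# check_service CONF SCRIPTS NAME
# Prints one line per problem; returns 0 only when all three files line up.
check_service() {
    conf=$1 scripts=$2 name=$3 bad=0
    svc="$conf/services/$name.conf"
    if [ ! -f "$svc" ]; then
        echo "missing service config: $svc"; return 1
    fi
    group=$(logfile_value "$svc")      # group name, not a log file path
    if [ -z "$group" ]; then
        echo "no LogFile group named in $svc"; return 1
    fi
    grp="$conf/logfiles/$group.conf"   # must be named after the group
    if [ ! -f "$grp" ]; then
        echo "missing logfile group config: $grp"; bad=1
    elif [ -z "$(logfile_value "$grp")" ]; then
        echo "no LogFile path defined in $grp"; bad=1
    fi
    if [ ! -f "$scripts/services/$name" ]; then
        echo "missing filter script: $scripts/services/$name"; bad=1
    fi
    return "$bad"
}

# Constructed demo tree reproducing the thread's mistake: the group file is
# named after the log (freshclam.log.conf), not the group (clam-update.conf).
demo=$(mktemp -d)
mkdir -p "$demo/conf/services" "$demo/conf/logfiles" "$demo/scripts/services"
echo "LogFile = clam-update" > "$demo/conf/services/clam-update.conf"
echo "LogFile = freshclam.log" > "$demo/conf/logfiles/freshclam.log.conf"
: > "$demo/scripts/services/clam-update"
check_service "$demo/conf" "$demo/scripts" clam-update || echo "naming mismatch found"
```

Renaming the group file in the demo tree to clam-update.conf makes the check pass.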
-
02-13-2014, 01:27 PM #6 Aspiring Evangelist
Code:
*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles/clam-update.log.conf file ?
I'm on Centos 6 by the way.
-
02-14-2014, 08:25 AM #7 Aspiring Evangelist
Hi,
--------------------- clam-update Begin ------------------------
The following version(s) of the freshclam daemon were started
0.98.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64): 12 Time(s)
The ClamAV update process was started 21 time(s)
Last ClamAV update process started at Thu Feb 13 23:02:28 2014
Last Status:
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.98.1
main.cvd version from DNS: 55
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd version from DNS: 18470
daily.cvd is up to date (version: 18470, sigs: 696018, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 236
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
Current working dir is /usr/local/share/clamav
ERROR: Can't save PID to file /var/run/freshclam.pid: Permission denied
Max retries == 5
The following ERRORS and/or WARNINGS were detected when running the ClamAV update process. If these ERRORS and/or WARNINGS do not show up in the "Last Status" section above, then their underlying cause has probably been corrected.
ERRORS:
Can't save PID to file /var/run/freshclam.pid: Permission denied: 12 Time(s)
WARNINGS:
getfile: daily-18224.cdiff not found on remote server (IP: 212.71.0.66): 1 Time(s)
getpatch: Can't download daily-18224.cdiff from db.be.clamav.net: 3 Time(s)
Incremental update failed, trying to download daily.cvd: 1 Time(s)
getfile: daily-18224.cdiff not found on remote server (IP: 193.1.193.64): 1 Time(s)
---------------------- clam-update End -------------------------
Code:
mkdir /var/clamav/
chown clamav:clamav /var/clamav/
chmod 755 /var/clamav/
cd /var/run/
ln -s /var/clamav/freshclam.pid freshclam.pid
pico -w /usr/local/etc/freshclam.conf   # set it to save the pid
-
02-23-2014, 03:11 PM #8 Aspiring Evangelist
Problem solved
Sun Feb 23 19:29:37 2014 -> Trying to download http://db.nl.clamav.net/daily-18509.cdiff (IP: 217.19.16.188)
Sun Feb 23 19:29:37 2014 -> Downloading daily-18509.cdiff [100%]
Sun Feb 23 19:29:37 2014 -> cdiff_apply: Parsed 604 lines and executed 604 commands
Sun Feb 23 19:29:38 2014 -> daily.cld updated (version: 18509, sigs: 712374, f-level: 63, builder: neo)
Sun Feb 23 19:29:38 2014 -> Querying daily.18509.76.1.0.D91310BC.ping.clamav.net
Sun Feb 23 19:29:38 2014 -> bytecode.cvd version from DNS: 236
Sun Feb 23 19:29:38 2014 -> bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
Sun Feb 23 19:29:41 2014 -> Database updated (3136642 signatures) from db.nl.clamav.net (IP: 217.19.16.188)
Sun Feb 23 19:29:41 2014 -> Clamd successfully notified about the update.
Sun Feb 23 19:29:41 2014 -> --------------------------------------
--------------------- clam-update Begin ------------------------
The following version(s) of the freshclam daemon were started
0.98.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64): 23 Time(s)
The ClamAV update process was started 276 time(s)
Last ClamAV update process started at Sun Feb 23 23:01:01 2014
Last Status:
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.98.1
main.cvd version from DNS: 55
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd version from DNS: 18487
Retrieving http://db.nl.clamav.net/daily-18487.cdiff
Trying to download http://db.nl.clamav.net/daily-18487.cdiff (IP: 80.69.69.11)
Downloading daily-18487.cdiff [100%]
cdiff_apply: Parsed 465 lines and executed 465 commands
Loading signatures from daily.cld
Properly loaded 703703 signatures from new daily.cld
daily.cld updated (version: 18487, sigs: 703701, f-level: 63, builder: neo)
Querying daily.18487.76.1.0.5045450B.ping.clamav.net
bytecode.cvd version from DNS: 236
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
Database updated (3127969 signatures) from db.nl.clamav.net (IP: 80.69.69.11)
Clamd successfully notified about the update.
Current working dir is /usr/local/share/clamav
Max retries == 5
---------------------- clam-update End -------------------------
Last edited by cpanellover; 02-23-2014 at 03:15 PM.