On Tue, 27 May 2003, Ronan Lucio wrote:

> Hello,
> 
> I'd like to make a report about the viruses caught by ClamAV.
> So, to do this I tried to read the clamav log file and create
> a txt file with the results, but when I remove the clamd log
> file, ClamAV doesn't create it again. ClamAV only creates a new
> log file when I restart it.
> 
> So, if I want to leave the file blank each time I read it,
> should I restart clamd?
> 
> It's not so good for an automated process.
> 
> Any tip would be appreciated.

I hope you already rotate that log with logrotate.  How often do you want 
to generate the report?  Weekly?  Rotate the log weekly and logrotate will 
take care of the log file recreation.  If you want to rotate the log 
monthly and generate the report weekly then a trick I frequently use will 
work for you.  First get a copy of LogCheck.

http://freshmeat.net/redir/logcheck/40274/url_tgz/logcheck-1.1.1.tar.gz

Ungz and untar that file.  Compile logcheck.  You don't have to install it 
if you don't want the whole thing (handy tool though).  Copy src/logtail 
to somewhere useful like /usr/local/bin/.  Usage is simple:

logtail  /path/to/your/log  offsetFile  >  tempFile

Logtail stores the decimal offset and inode of the file in a file to
remember exactly what it last read from the log file.  It outputs the
remaining log to STDOUT.  Dump that to a temp file and use that file as a
collection of data for your report generating.  Automate this with crons.  
First call a script that calls logtail.  Then call your report generation
script.  Or merge the two and pipe logtail's output into your report
generation script.  I always dump it to file because I pull multiple data
sources from that output (like POP and IMAP client connections or spam
rejections of various types in a 5 minute period).

I threw together the shell script below to call logtail and handle simple
instance locking in one go.

#!/bin/bash

LOGTAIL=/usr/local/bin/logtail
workDir=/noc/mail-stats
tmpFile=$workDir/current-log.out
offsetFile=$workDir/current-log.offset
lockFile=.logtail-lock

# Local lock file check/creation.
# With noclobber set, the redirect fails if the lock file already exists,
# so the check and the creation happen in one step and two overlapping
# cron runs cannot both get past it.
if ! ( set -o noclobber; date > "$workDir/$lockFile" ); then
  echo "ERROR: Local lock $workDir/$lockFile exists."
  exit 1
fi

# remove the old temp file if it exists
# Not really needed but...
if [ -f "$tmpFile" ]; then
  rm -f "$tmpFile"
fi

# Write everything logged since the last run to the temp file.
"$LOGTAIL" /var/log/maillog "$offsetFile" > "$tmpFile"

# Remove the lock file.
rm -f "$workDir/$lockFile" || echo "ERROR: Can't remove $workDir/$lockFile."



Good luck
 Justin
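
The offset-and-inode bookkeeping described in the message above, sketched as an added example; it is not logtail's code and not part of the original message. The `read_new` name, the `<inode> <offset>` state-file layout and the clamd-style sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: incremental log reader in the spirit of logtail.
# State file layout (assumed for this sketch): "<inode> <offset>" on one line.

# read_new LOG STATE: print the bytes appended to LOG since the previous call.
read_new() {
  local log="$1" state="$2" inode size old_inode=0 offset=0
  [ -r "$log" ] || { echo "read_new: cannot read $log" >&2; return 1; }
  inode=$(ls -i "$log" | awk '{print $1}')
  size=$(wc -c < "$log" | tr -d ' ')
  if [ -f "$state" ]; then
    read -r old_inode offset < "$state" || true
  fi
  # Treat a damaged state file as "nothing read yet".
  case "$offset" in ''|*[!0-9]*) offset=0 ;; esac
  # A different inode means the log was rotated or recreated; a size below
  # the saved offset means it was truncated. Either way, start again at 0.
  if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$offset" ]; then
    offset=0
  fi
  # tail -c +N is 1-based; head -c pins the read to the size measured above,
  # so lines written while this runs are left for the next call.
  if [ "$size" -gt "$offset" ]; then
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))"
  fi
  # Write the state to a temp file and rename it, so an interrupted run
  # never leaves a half-written state file behind.
  printf '%s %s\n' "$inode" "$size" > "$state.tmp" && mv "$state.tmp" "$state"
}

# Demo on constructed clamd-style lines (sample data, not real detections):
# each call reports only the detections logged since the previous call.
demo() {
  local d
  d=$(mktemp -d) || return 1
  printf '%s\n' '/var/spool/a.eml: Eicar-Test-Signature FOUND' > "$d/clamd.log"
  read_new "$d/clamd.log" "$d/state" | grep -c 'FOUND$'
  printf '%s\n' '/var/spool/b.eml: Eicar-Test-Signature FOUND' >> "$d/clamd.log"
  read_new "$d/clamd.log" "$d/state" | grep -c 'FOUND$'
  rm -rf "$d"
}
demo
```

Because the reader keys on the inode as well as the offset, the log never has to be deleted or emptied to get a fresh report, so clamd does not need a restart.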

