My log is stored as /var/spool/exim/log/clamd.log
You probably need to tidy it up a little
#! /bin/sh
keep=10
compress=/usr/bin/gzip
suffix=gz
chown=/usr/bin/chown
chgrp=/usr/bin/chgrp
mv=/bin/mv
rm=/bin/rm
log_file_path=/var/spool/exim/log/
logdir=$log_file_path
viruslog=clamd-log
cd $logdir
cp clamd.log clamd-log
cp /dev/null clamd.log
#clamd log processing
a=`ls -lg $viruslog`
b=`ls -l $viruslog`
user=`echo "$a
$b
" | awk 'BEGIN { OFS=""} { if ($5 ~ /^[0-9]+$/) { print $3; exit; } }'`
group=`echo "$a
$b
" | awk 'BEGIN { OFS=""} { if ($5 ~ /^[0-9]+$/) { print $4; exit; } }'`
if [ $keep -lt 10 ]; then keept=0$keep; else keept=$keep; fi;
if [ -f $viruslog.$keept ]; then $rm $viruslog.$keept; fi;
if [ -f $viruslog.$keept.$suffix ]; then $rm $viruslog.$keept.$suffix; fi;
count=$keep
if [ $count -lt 10 ]; then countt=0$count; else countt=$count; fi;
while [ $count -gt 1 ]; do
old=`expr $count - 1`
if [ $old -lt 10 ]; then oldt=0$old; else oldt=$old; fi;
if [ -f $viruslog.$oldt ]; then
$mv $viruslog.$oldt $viruslog.$countt
elif [ -f $viruslog.$oldt.$suffix ]; then
$mv $viruslog.$oldt.$suffix $viruslog.$countt.$suffix
fi
count=$old
countt=$oldt
done
if [ -f $viruslog ]; then
$mv $viruslog $viruslog.01
$chown $user:$group $viruslog.01
fi
count=2;
while [ $count -le $keep ]; do
if [ $count -lt 10 ]; then countt=0$count; else countt=$count; fi
if [ -f $viruslog.$countt ]; then $compress $viruslog.$countt; fi
if [ -f $viruslog.$countt.$suffix ]; then
$chown $user:$group $viruslog.$countt.$suffix
fi
count=`expr $count + 1`
done
[EMAIL PROTECTED] wrote:
On Tue, 27 May 2003, Ronan Lucio wrote:Hello,I'd like to make a report about the viruses catched by ClamAV. So, to do this I tried to read the clamav log file and create a txt file with the results, but, when I remove the clamd log file, ClamAV don't create it againg. ClamAV only create a new log file when I restart it. So, If I want to leave the file blank each time I read it, should I restart clamd? It's not so good to an automated process. Any tip would be appreciated.I hope you already rotate that log with logrotate. How often do you want to generate the report? Weekly? Rotate the log weekly and logrotate will take care of the log file recreation. If you want to rotate the log monthly and generate the report weekly then a trick I frequently use will work for you. First get a copy of LogCheck. http://freshmeat.net/redir/logcheck/40274/url_tgz/logcheck-1.1.1.tar.gz Ungz and untar that file. Compile logcheck. You don't have to install it if you don't want the whole thing (handy tool though). Copy src/logtail to somewhere useful like /usr/local/bin/. Usage is simple:
