Hi there,

On Sun, 13 Dec 2009 Jason Frisvold wrote:

> I seem to be having some problem with clamd and logrotate.

FWIW I use logrotate for just about everything that logs, with almost
no trouble.  I did recently have to upgrade from a very old version of
logrotate on a very old Red Hat system, but I can't remember now what
exactly it was doing (or not doing) that I didn't like.  Something to
do with messing up when I had complex command lines in the logrotate
scripts themselves.  What version of logrotate are you using?

Incidentally I use syslog-ng for just about all logging, and I can't
recommend it highly enough.

> Logrotate reloads clamd after rotating the logfile and creating a
> new one, but clamd fails reload with the following :
>
> Reloading log file:                                        [FAILED]

I wonder if this 'reload' isn't doing quite what you think it's doing?
Actually I don't think I understand the term 'reloading a log file'.
(OTOH I do think I understand the terms 'reloading a database' and
'reopening a log file'. :) You haven't given us enough information to
know what exactly is going on in this case.  For example I'm assuming
that you want clamd to write to the log file directly (as opposed to
using the syslog facilities) but you could confirm that by letting us
have sight of your clamd.conf and the command line which starts clamd.
You can probably get the latter from 'ps'.

> It does the same if I try to manually reload clamd as well.  A
> restart, however, seems to work properly and logging continues.

If you mean 'reload' as in 'give the reload command to clamd' then I
think you're doing nothing that will tell clamd to close and reopen
its log file.  See the 'man' page for clamd.

> My logrotate file is as follows :
> ...
>     postrotate
>       /sbin/service clamd reload 2> /dev/null 2> /dev/null || true
> ...

Why not just make that something like 'restart' instead of 'reload'?
Alternatively you might want to try something like

postrotate
  /usr/bin/killall -s 9 clamd ; \
  /bin/rm -f /path/to/clamd.sock ; \
  /path/to/clamd --suitable-switches

Obviously this is just a skeleton, you'll need to adjust it for things
like the paths in your system.  If that doesn't do what you want, then
we'll probably need to see what happens when you run logrotate with the
'verbose' option, and perhaps what's in '/sbin/service'.

--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to