Hi there, On Sun, 13 Dec 2009 Jason Frisvold wrote:
> I seem to be having some problem with clamd and logrotate. FWIW I use logrotate for just about everything that logs, with almost no trouble. I did recently have to upgrade from a very old version of logrotate on a very old Red Hat system, but I can't remember now what exactly it was doing (or not doing) that I didn't like. Something to do with messing up when I had complex command lines in the logrotate scripts themselves. What version of logrotate are you using? Incidentally I use syslog-ng for just about all logging, and I can't recommend it highly enough. > Logrotate reloads clamd after rotating the logfile and creating a > new one, but clamd fails reload with the following : > > Reloading log file: [FAILED] I wonder if this 'reload' isn't doing quite what you think it's doing? Actually I don't think I understand the term 'reloading a log file'. (OTOH I do think I understand the terms 'reloading a database' and 'reopening a log file'. :) You haven't given us enough information to know what exactly is going on in this case. For example I'm assuming that you want clamd to write to the log file directly (as opposed to using the syslog facilities) but you could confirm that by letting us have sight of your clamd.conf and the command line which starts clamd. You can probably get the latter from 'ps'. > It does the same if I try to manually reload clamd as well. A > restart, however, seems to work properly and logging continues. If you mean 'reload' as in 'give the reload command to clamd' then I think you're doing nothing that will tell clamd to close and reopen its log file. See the 'man' page for clamd. > My logrotate file is as follows : > ... > postrotate > /sbin/service clamd reload 2> /dev/null 2> /dev/null || true > ... Why not just make that something like 'restart' instead of 'reload'? Alternatively you might want to try something like postrotate /usr/bin/killall -s 9 clamd ; \ /bin/rm -f /path/to/clamd.sock ; \ /path/to/clamd --suitable-switches Obviously this is just a skeleton, you'll need to adjust it for things like the paths in your system. If that doesn't do what you want, then we'll probably need to see what happens when you run logrotate with the 'verbose' option, and perhaps what's in '/sbin/service'. -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
