On 2011-09-27 13:13, Forlani M. wrote:
> Hi all, I'm new here, please excuse my little English.
> I have a centralized syslog server and I've configured clamd to send logs as
> LogFacility local1.
> It's working fine, but this is what I'm obtaining:
> files/folders clamd can't access as local1.warning
> files infected local1.info
>
> Is there a way to set local1.critical or alert for infected files?

No, you can't configure it from clamd.conf, please open an enhancement request on bugs.clamav.net:

You could write a virusevent script, put

    VirusEvent /path/to/yourscript

in clamd.conf, and in yourscript:

    #!/bin/sh
    /usr/bin/logger -t clamd -p local1.alert "$CLAM_VIRUSEVENT_FILENAME: $CLAM_VIRUSEVENT_VIRUSNAME FOUND"

> It's simpler to find a critical/alert message in syslog, and in this way I
> can "refine" logs and reports.
>
> I'm using ClamAV on CentOS 5.5, installed from the rpmforge repository: ClamAV
> 0.97.2/13679
> Thanks
>

If you're using rsyslogd it should be possible to match on msg content FOUND and send the output to a different place, or override the loglevel.

Best regards,
--Edwin
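
Added example (not part of the original thread and not ClamAV project code): a variant of the VirusEvent script above that replaces control characters in the scanned file name before logging, since a file name containing a newline would otherwise split the alert into several syslog records. The function names, the 512-byte cap and the "unknown" fallback are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: VirusEvent handler that logs detections at local1.alert.
# clamd exports CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME
# (the two variables used in the script quoted in the thread).

MAX_LEN=512   # assumed per-field cap, in bytes

# Replace ASCII control characters (including newline and DEL) with '?'
# and truncate, so one detection always produces one log line.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177' '[?*]' | LC_ALL=C cut -c1-"$MAX_LEN"
}

# Build the message in the same "<file>: <signature> FOUND" shape clamd uses,
# so an rsyslog match on "FOUND" keeps working.
format_event() {
    file=$(sanitize "${1:-unknown}")
    virus=$(sanitize "${2:-unknown}")
    printf '%s: %s FOUND' "$file" "$virus"
}

# Only log when clamd actually invoked us with an event.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    /usr/bin/logger -t clamd -p local1.alert \
        "$(format_event "$CLAM_VIRUSEVENT_FILENAME" "${CLAM_VIRUSEVENT_VIRUSNAME:-}")"
fi
```

On the central syslog server the alert can then be selected by priority (local1.alert) instead of by message text.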