I need the info in syslog and I would like to avoid writing the output of clamscan to a logfile, as I need to write the output to a another logfile as well. Piping the output to logger resulted in the same issue, the output did not show up in syslog.
I found a solution to my problem * * * * * root /usr/bin/bash -c '/usr/bin/clamscan -r /root/ 2>&1 > >(/usr/bin/systemd-cat --identifier=clamscan)' It looks like you were right about the missing tty causing the issue. While trying to find a solution I manage to get the following output from clamscan at one point: “Must be connected to a terminal.” Thank you for your input! Best regards, Jens From: Franky Van Liedekerke <liede...@telenet.be> Sent: Thursday, April 4, 2019 11:03 AM To: ClamAV users ML <clamav-users@lists.clamav.net> Subject: Re: [clamav-users] connect clamscan output to journal with systemd-cat Do you want the info in journald or just in syslog? Because rsyslog can monitor logfiles directly too. Your call to clamscan from cron might refuse to output info (because no tty perhaps), maybe first try to get logs from clamscan via cron directly? Franky Op Donderdag, 04-04-2019 om 09:46 schreef Kretschmer, Jens: I probably should have mentioned that this was a minimum non-working example, which would _never_ be used on a production system. I thought that that was pretty obvious... The output is actually stored in a separate log file and not with the syslog. If you knew the complete setup, you would agree with my use of systemd-cat. Does anybody have any ideas how I can solve my problem? Best regards, Jens -----Original Message----- From: Dave Nelson <li...@traduction.biz<mailto:li...@traduction.biz>> Sent: Wednesday, April 3, 2019 5:21 PM To: ClamAV users ML <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> Subject: Re: [clamav-users] connect clamscan output to journal with systemd-cat Also, it should be totally unnecessary to scan your filesystem every minute, and will place an unnecessary load on your server. Postfix (or whatever) will run clamav when it needs to. And you can maybe run a full scan on your filesystem once every 24 hours if you feel paranoid. (IMHO.) Postfix will log every detection of an incoming virus, so you can watch that log, too, for a fuller view of what's happening (/var/log/mail.log by default on an Ubuntu system). Dave On 2019-04-03 17:48, Dave Nelson via clamav-users wrote: > You can configure a log specially for clamav, and that should be > plenty. Also, you can install logwatch and get mail updates once a day > or more often. You can also install netdata if you want to monitor in > real time, or simply watch the output of 'tail -f > /var/log/clamav/clamav.log' .... it's every server admin's pleasure > and duty to watch his/her server's logs roll by in a terminal window > periodically. ;-) Dave > > On 2019-04-03 15:58, SCOTT PACKARD via clamav-users wrote: >> Logfiles are a place where a sysadmin notices a host running smoothly >> (lack of anything in logs) or has problems (error messages about the >> programs show up in the logs). >> >> Looks like you are trying to misuse logfiles as a place to put >> successful/unsuccessful output that's produced by a program. >> >> You'll want to create a separate log for your program, foo.log, and >> write it to /var/log/ directory. >> >> Others can comment about scanning a host every minute. >> >> Regards, Scott >> >> FROM: clamav-users >> <clamav-users-boun...@lists.clamav.net<mailto:clamav-users-boun...@lists.clamav.net>> >> ON BEHALF >> OF Kretschmer, Jens >> SENT: Wednesday, April 03, 2019 1:34 AM >> TO: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> >> SUBJECT: [External] [clamav-users] connect clamscan output to journal >> with systemd-cat >> >> Hi, >> >> I would like to redirect the output of clamscan to the journal, which >> should by possible by >> >> /usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat >> --identifier="clamscan" >> >> or >> >> /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r >> /root/ >> >> While both commands work when executed manually in the terminal, the >> output is not redirected when executed by a cronjob. If I put the >> following line into the file /etc/cron.d/clamav >> >> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" >> /usr/bin/clamscan -r /root/ >> >> I can see that the clamscan process is started every minute, but the >> output is not redirected to the journal. >> >> If I put the line >> >> * * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/ >> >> Into the file /etc/cron.d/clamav, it is executed every minute as well >> and I can see the output of ls in the journal. >> >> Do you have any idea what could be causing the issue? >> >> Best regards, >> Jens >> >> _______________________________________________ >> >> clamav-users mailing list >> clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > -- > With all best wishes, > Dave > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- With all best wishes, Dave _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
