On Saturday 04 Feb 2006 16:42, Tom Collins wrote: > On Feb 3, 2006, at 10:58 PM, Bill Rowe wrote: > > **Unmatched Entries** > > Received signal: wake up: 478 Time(s) > > WARNING: Current functionality level = 6, recommended = 7: 142 > > Time(s) > > WARNING: Your ClamAV installation is OUTDATED!: 420 Time(s) > > DON'T PANIC! Read http://www.clamav.net/faq.html: 420 Time(s) > > Giving up on database.clamav.net...: 4 Time(s) > > WARNING: Invalid DNS reply. Falling back to HTTP mode.: 12 Time(s) > > freshclam daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686): 8 > > Time(s) > > WARNING: Local version: 0.87.1 Recommended version: 0.88: 278 > > Time(s) > > freshclam daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i686): 3 > > Time(s) > > Trying again in 5 secs...: 8 Time(s) > > The problem is that you aren't rotating your logs, even with the > freshclam script I provided. The counts on the messages are a pretty > good indication of that. > > I've only run servers with RedHat, so I assume that's what you're > running (I don't know if logrotate is standard on other distributions). > If you're not RedHat, then you might have to make some changes to the > config. > > Check your /var/log/messages for possible errors reported by logrotate. > Make sure your freshclam is logging to /var/log/freshclam.log. Make > sure logrotate is running before logwatch.
If logrotate is run *before* logwatch. the logs that logwatch would parse will have been rotated away, unless 'delaycompress' is used in logrotate.d, in which case logwatch will have to be configured to look for logs like messages.0 or freshclam.log.1 Logwatch looks for datestamps, midnight to midnight, so logrotate can interfere with the accuracy of logwatch reports. Ensuring that Archive=yes is set in logwatch.conf helps overcome this, but can cause logwatch to slow down on big busy servers. my 2c's worth ;-) -- ----------------- Bob Hutchinson Midwales dot com -----------------
