Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Logwatchfreshclam log error

170 views
Skip to first unread message

Aniruddha

unread,
Jul 27, 2010, 10:40:02 AM7/27/10
to
I get the following error message with logwatch:

--------------------------------------------------------------
No updates detected in the log for the freshclam daemon (the
ClamAV update process).
--------------------------------------------------------------

I already filed a bug because imo the default settings aren't working.
Now I try to solve this but I can't pinpoint the exact root cause.
Freshclam is working and running.

I tried creating a 'clam-update.conf' with the correct path, this didn't
work. Anyone else who has an idea what might be the problem? Thanks in
advance! Some relevant information:


---------------------------------------------------------------
# cat /usr/share/logwatch/dist.conf/logfiles/clam-update.conf
LogFile = /var/log/clamav/freshclam.log

# /etc/init.d/clamav-freshclam status
freshclam is running.

# grep log /usr/share/logwatch/default.conf/logfiles/clam-update.conf#
Analyzes the Clam Anti-Virus update log
# /usr/share/logwatch/default.conf/logfiles/clam-update.conf (this file)
# /usr/share/logwatch/default.conf/services/clam-update.conf
# /usr/share/logwatch/scripts/services/clam-update
# /var/log/clam-update
# alert, you should delete the logfile. If there's no logfile, no alerts
# will be output - but if Logwatch finds a logfile and no update attempts
LogFile = freshclam.log
LogFile = clamav/freshclam.log
Archive = freshclam.log.*
Archive = clamav/freshclam.log.*
Archive = archiv/freshclam.log.*

# tail /var/log/clamav/freshclam.log
Tue Jul 27 15:39:24 2010 -> ClamAV update process started at Tue Jul 27
15:39:24 2010
Tue Jul 27 15:39:24 2010 -> main.cvd is up to date (version: 52, sigs:
704727, f-level: 44, builder: sven)
Tue Jul 27 15:39:54 2010 -> nonblock_connect: connect timing out (30 secs)
Tue Jul 27 15:39:54 2010 -> Can't connect to port 80 of host
db.local.clamav.net (IP: 192.121.13.5)
Tue Jul 27 15:39:54 2010 -> Trying host db.local.clamav.net
(193.1.193.64)...
Tue Jul 27 15:39:54 2010 -> Downloading daily-11440.cdiff [100%]
Tue Jul 27 15:39:54 2010 -> daily.cld updated (version: 11440, sigs:
107962, f-level: 53, builder: arnaud)
Tue Jul 27 15:39:54 2010 -> bytecode.cld is up to date (version: 32,
sigs: 8, f-level: 53, builder: edwin)
Tue Jul 27 15:39:54 2010 -> Database updated (812697 signatures) from
db.local.clamav.net (IP: 193.1.193.64)
Tue Jul 27 15:39:54 2010 -> --------------------------------------


Logwatch error message:
--------------------- clam-update Begin ------------------------


No updates detected in the log for the freshclam daemon (the
ClamAV update process). If the freshclam daemon is not running,
you may need to restart it. Other options:

A. If you no longer wish to run freshclam, deleting the log file
(default is freshclam.log) will suppress this error message.

B. If you use a different log file, update the appropriate
configuration file. For example:
echo "LogFile = log_file" >>
/etc/logwatch/conf/logfiles/clam-update.conf
where log_file is the filename of the freshclam log file.

C. If you are logging using syslog, you need to indicate that your
log file uses the syslog format. For example:
echo "*OnlyService = freshclam" >>
/etc/logwatch/conf/logfiles/clam-update.conf
echo "*RemoveHeaders" >>
/etc/logwatch/conf/logfiles/clam-update.conf

---------------------- clam-update End -------------------------


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4C4EEF3...@gmail.com

Camaleón

unread,
Jul 27, 2010, 2:40:02 PM7/27/10
to
On Tue, 27 Jul 2010 16:37:51 +0200, Aniruddha wrote:

> I get the following error message with logwatch:

(...)

> # grep log /usr/share/logwatch/default.conf/logfiles/clam-update.conf


> # Analyzes the Clam Anti-Virus update log
> # /usr/share/logwatch/default.conf/logfiles/clam-update.conf (this file)
> # /usr/share/logwatch/default.conf/services/clam-update.conf
> # /usr/share/logwatch/scripts/services/clam-update
> # /var/log/clam-update

^^^^^^^^^^^^^^^^^^^^

The above path...

> # tail /var/log/clamav/freshclam.log
^^^^^^^^^^^^^^^^

And this one, differ.

Is that right? Maybe "logwatch" is looking into "/var/log/clam-update/
freshclam.log" and finds nothing :-?

You can make a quick test and try it with the full path:

***
LogFile = /var/log/clamav/freshclam.log
***

Restart the service and see what happens. Remember to change it after the
test.

If that works, just use a custom rule under "/etc/logwatch/conf/logfiles/
clam-update.conf" and put any modification there as the docs say.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/pan.2010.07...@gmail.com

Aniruddha

unread,
Jul 27, 2010, 4:00:02 PM7/27/10
to
On Tue, Jul 27, 2010 at 8:32 PM, Camaleón <noel...@gmail.com> wrote:
>
> Is that right? Maybe "logwatch" is looking into "/var/log/clam-update/
> freshclam.log" and finds nothing :-?
>
> You can make a quick test and try it with the full path:
>
> ***
> LogFile = /var/log/clamav/freshclam.log
> ***
>

Thanks for the help!  I've added the correct logpath to
'clam-update.conf'  but this didn't make any difference.

# grep log /usr/share/logwatch/default.conf/logfiles/clam-update.conf

# Analyzes the Clam Anti-Virus update log
# /usr/share/logwatch/default.conf/logfiles/clam-update.conf (this file)
# /usr/share/logwatch/default.conf/services/clam-update.conf
# /usr/share/logwatch/scripts/services/clam-update
# /var/log/clam-update

# alert, you should delete the logfile. If there's no logfile, no alerts
# will be output - but if Logwatch finds a logfile and no update attempts

#LogFile = freshclam.log
LogFile = /var/log/clamav/freshclam.log


LogFile = clamav/freshclam.log
Archive = freshclam.log.*
Archive = clamav/freshclam.log.*
Archive = archiv/freshclam.log.*

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/AANLkTionuNgPVCDXGD2gZ...@mail.gmail.com

Camaleón

unread,
Jul 27, 2010, 6:00:02 PM7/27/10
to
On Tue, 27 Jul 2010 21:52:29 +0200, Aniruddha wrote:

> On Tue, Jul 27, 2010 at 8:32 PM, Camaleón <noel...@gmail.com> wrote:
>>
>> Is that right? Maybe "logwatch" is looking into "/var/log/clam-update/
>> freshclam.log" and finds nothing :-?
>>
>> You can make a quick test and try it with the full path:
>>
>> ***
>> LogFile = /var/log/clamav/freshclam.log ***
>>
>>
> Thanks for the help!  I've added the correct logpath to
> 'clam-update.conf'  but this didn't make any difference.

(...)

> LogFile = clamav/freshclam.log
^^^^^^^^^^^^^^^^^^^^
(...)

Okay... after a careful reading of "/usr/share/logwatch/logwatch.conf"
I've noticed that all log files are relative to path "/var/log" so the
line "LogFile = clamav/freshclam.log" should be just enough for Debian
systems (no need to put the full path, which otoh, is not working).

Dunno why it is not detecting the log, all seems right :-?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/pan.2010.07...@gmail.com

0 new messages