Clamd.log not rotating and not present. :)

Richard G

Verified User
Joined
Jul 6, 2008
Messages
12,554
Location
Maastricht
Hello.

I installed clamav on 2 servers to scan mail. Both are done with Custombuild 2.0.

On 1 of the servers, the log is not rotating and I've got logfiles from june 2018 like clamd.log-20180601_033034.

On the other server /var/log does not even contain a clamd.log file.

But when checking on both servers clamd is running.

How can I fix these two issues?
 
Hello Richard,

ClamAV installed from Custombuild/Directadmin does not write logs to a separate file, it writes logs to a default logfile with syslog.

So if you replaced a rpm-based ClamAV with one from Custombuild, it might explain why logging and rotating stopped.
 
Thank you Alex, but that's odd. I did not install an rpm-based Clamav.

But it could be that on one server, when I updated cpan, some time ago I've seen something passing from spamassassin maybe it's installed via cpan too?

However, on the other server (server 1) I do have logfiles, but as stated, they do not rotate.

On the server2 the clamd.log reads this:
Code:
Sat Mar 23 19:04:01 2019 -> /usr/local/directadmin/scripts/custom/clamav.txt: OK
Sat Mar 23 19:05:18 2019 -> instream(127.0.0.1@38432): OK
Sat Mar 23 19:07:47 2019 -> SelfCheck: Database status OK.
Sat Mar 23 19:07:47 2019 -> instream(127.0.0.1@38452): OK
Sat Mar 23 19:08:59 2019 -> instream(127.0.0.1@38492): OK
Sat Mar 23 19:10:33 2019 -> instream(127.0.0.1@38516): OK
Sat Mar 23 19:10:45 2019 -> instream(127.0.0.1@38526): OK
Sat Mar 23 19:16:10 2019 -> instream(127.0.0.1@38666): OK
Sat Mar 23 19:17:46 2019 -> instream(127.0.0.1@38740): OK
Sat Mar 23 19:20:06 2019 -> SelfCheck: Database status OK.

The custom clamav.txt is needed for the clamdcheck script I installed there to check if clamd is running.
Server 1 is the server where these logfiles do not rotate.

On server 2 I do not have any logfiles from Clamav. And there are no logs in /var/log/messages either, both servers are running Centos 6.x.
I doublechecked, no clamav via yum installed.
 
Just found out something else. I did a ./build clamav on both servers.
But by accident I looked at my /tmp directory.

Now on server 2 (the one without logs) I see a clamd.socket there.
This is not present on server 1. I don't know why server 2 does have a clamd.socket there and server 1 does not.
 
Compare configs then in /etc/clamd.conf and rpm list

Code:
rpm -qa | grep -i clam
 
Oh LoL. I think I'm too tired. Looking at the wrong config file.
RPM gave no result, so that was good.

But I was lookcing for clamav.conf and overseen that and then looked at freshclam.conf instead of clamd.conf so... aaargh...
So I found it now and can put things the same there too.

Thank you again Alex!

Edit: However this still does not explain why logfiles are not rotated on server 1... I have this:
Code:
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
LogRotate yes
Maybe I can better make a manual rotate setting.
 
Last edited:
See: Enable log rotation. Always enabled when LogFileMaxSize is enabled.

Code:
# Maximum size of the log file.
# [B]Value of 0 disables the limit.[/B]
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.[B] If LogFileMaxSize is enabled, log[/B]
# [B]rotation (the LogRotate option) will always be enabled.[/B]
# Default: 1M
#LogFileMaxSize 2M


For daily/weekly rotations check /etc/logrotate.d/ directory and add your instructions there. A file for ClamAV might exist already on one of your servers.
 
Hello Alex.
Yes that was also enabled.
I indeed need to create a logrotate entry in /etc/logrotate.d because none is present.
But I will find one somewhere.
 
Logrotate.conf is configured to rotate logs in 4 days if I'm not mistaken, would this be a good one to rotate every 4 days?
Code:
/var/log/clamd.log {
            missingok
            notifempty
            create 644 clamav clamav
    }
 
By default CentOS rotates logs weekly with 4 weeks retention. It's OK to have the defaults. I prefer daily rotations.
 
Back
Top