Building a log gathering agent
Hugo van der Kooij
hvdkooij at vanderkooij.org
Tue Mar 6 22:59:30 CET 2007
On Tue, 6 Mar 2007, Tom G. Christensen wrote:
> Hugo van der Kooij wrote:
>> grep "Viruses marked as silent" > /tmp/hvdkooij-syslog
>>
> I just grabbed the script and ran it on the maillog from my primary MX.
> I use ClamAV and Etrust for antivirus and the script fails miserably.
>
> The output just starts off with lines like this:
> msg-9239-45.txt contains Email.Img.Gen018.Sanesecurity.06122000
> ..
> and ends like this:
> Scanner hits:
>
> Virus hits:
> : 1226
> ---
>
> Pretty useless :)
>
> Unfortunately I cannot share my logs with you but if there's some specific
> type of logline you'd like to see I can grab and sanitize a few examples for
> you.
I doubt if there is anything exciting left after you perform the grep as
indicated. It only contains filenames. And a (bit of) sample log would do
wonders as it will show me what needs to be parsed.
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)