Building a log gathering agent

Hugo van der Kooij hvdkooij at vanderkooij.org
Tue Mar 6 22:59:30 CET 2007


On Tue, 6 Mar 2007, Tom G. Christensen wrote:

> Hugo van der Kooij wrote:
>>  grep "Viruses marked as silent" > /tmp/hvdkooij-syslog
>> 
> I just grabbed the script and ran it on the maillog from my primary MX.
> I use ClamAV and Etrust for antivirus and the script fails miserably.
>
> The output just starts off with lines like this:
> msg-9239-45.txt contains Email.Img.Gen018.Sanesecurity.06122000
> ..
> and ends like this:
> Scanner hits:
>
> Virus hits:
>        :                                                       1226
> ---
>
> Pretty useless :)
>
> Unfortunately I cannot share my logs with you but if there's some specific 
> type of logline you'd like to see I can grab and sanitize a few examples for 
> you.

I doubt if there is anything exciting left after you perform the grep as 
indicated. It only contains filenames. And a (bit of) sample log would do 
wonders as it will show me what needs to be parsed.

Hugo.

-- 
 	hvdkooij at vanderkooij.org	http://hugo.vanderkooij.org/
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 		(Thanks JFK, for the insight.)

