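Following up on the previous post:
After the Ubuntu release upgrade, the daily Logwatch report could no longer parse the ClamAV log.
Besides following this approach: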
https://www.usebox.net/jjm/blog/logwatch-and-systemd-journal/
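Thanks again to AI, praise AI; I spent two days brainstorming with it, asking question after question.
I finally found a workable solution for the case where the newer ClamAV version moved its logging to the journal (journalctl) and Logwatch could not parse the log entries there.
First, during verification I had already removed the APT package maintained by Ubuntu and installed the open-source upstream version instead: logwatch-7.13.
Create a new configuration file, clam-update.conf: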
$ sudo nano /etc/logwatch/conf/services/clam-update.conf
### Added by JIR 250830
LogFile =
LogFile = none
*JournalCtl = "--output=cat --unit=clamav-freshclam.service"
Then create a new Perl script named clam-update:
$ sudo nano /etc/logwatch/scripts/services/clam-update
#!/usr/bin/perl
### Added by JIR 250830
# Logwatch service filter: print only the freshclam lines worth reporting.
while (<STDIN>) {
    if (/ClamAV update process started/) {
        print $_;
    }
    elsif (/daily\.cld updated/) {
        print $_;
    }
    elsif (/Database test passed/) {
        print $_;
    }
}
The script then needs execute permission:
$ ls -al /etc/logwatch/scripts/services/clam-update
-rwxr-x--- 1 root root 224 8月 30 16:45 /etc/logwatch/scripts/services/clam-update
After that, the default report should show the results:
$ sudo logwatch --output stdout --service clam-update
################### Logwatch 7.13 (07/22/25) ####################
Processing Initiated: Sat Aug 30 16:54:49 2025
Date Range Processed: yesterday
( 2025-Aug-29 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: stdout / text
Logfiles for Host:
##################################################################
--------------------- clam-update Begin ------------------------
ClamAV update process started at Fri Aug 29 00:00:33 2025
Database test passed.
Fri Aug 29 00:00:39 2025 -> daily.cld updated (version: 27746, sigs: 2076468, f-level: 90, builder: raynman)
ClamAV update process started at Fri Aug 29 12:00:39 2025
---------------------- clam-update End -------------------------
###################### Logwatch End #########################
Alternatively, pass --range to specify the period to display:
$ sudo logwatch --output stdout --service clam-update --range all
################### Logwatch 7.13 (07/22/25) ####################
Processing Initiated: Sat Aug 30 17:03:58 2025
Date Range Processed: all
Detail Level of Output: 0
Type of Output/Format: stdout / text
Logfiles for Host:
##################################################################
--------------------- clam-update Begin ------------------------
ClamAV update process started at Thu Aug 7 16:35:19 2025
ClamAV update process started at Fri Aug 8 04:35:19 2025
Database test passed.
Fri Aug 8 04:35:26 2025 -> daily.cld updated (version: 27725, sigs: 2076396, f-level: 90, builder: raynman)
ClamAV update process started at Fri Aug 8 16:35:26 2025
ClamAV update process started at Sat Aug 9 04:35:26 2025
Database test passed.
Sat Aug 9 04:35:32 2025 -> daily.cld updated (version: 27726, sigs: 2076402, f-level: 90, builder: raynman)
.
... (and so on) ...
.
ClamAV update process started at Thu Aug 28 12:00:33 2025
ClamAV update process started at Fri Aug 29 00:00:33 2025
Database test passed.
Fri Aug 29 00:00:39 2025 -> daily.cld updated (version: 27746, sigs: 2076468, f-level: 90, builder: raynman)
ClamAV update process started at Fri Aug 29 12:00:39 2025
ClamAV update process started at Sat Aug 30 00:00:39 2025
Database test passed.
Sat Aug 30 00:00:46 2025 -> daily.cld updated (version: 27747, sigs: 2076429, f-level: 90, builder: raynman)
ClamAV update process started at Sat Aug 30 12:00:46 2025
---------------------- clam-update End -------------------------
###################### Logwatch End #########################
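Cross-checking against the log data read directly from the journal confirms that the Perl script processes it correctly; here I use the yesterday range:
$ sudo journalctl --unit=clamav-freshclam.service --since yesterday --output=cat | /etc/logwatch/scripts/services/clam-update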
ClamAV update process started at Fri Aug 29 00:00:33 2025
Database test passed.
Fri Aug 29 00:00:39 2025 -> daily.cld updated (version: 27746, sigs: 2076468, f-level: 90, builder: raynman)
ClamAV update process started at Fri Aug 29 12:00:39 2025
ClamAV update process started at Sat Aug 30 00:00:39 2025
Database test passed.
Sat Aug 30 00:00:46 2025 -> daily.cld updated (version: 27747, sigs: 2076429, f-level: 90, builder: raynman)
ClamAV update process started at Sat Aug 30 12:00:46 2025
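Since it finally seems to work, I will check later whether the mail notification arrives with the correct results.
I also reported this back to share it: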
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2067608
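A summarizing variant of the clam-update filter, as an added example that is not the author's script or part of Logwatch: it counts update runs, reports the latest database version, and prints a warning when the period contains no update, a case the line-printing filter leaves silent. The generalized database-name pattern and the built-in sample lines (copied from the output above) are this example's own choices.

```perl
#!/usr/bin/perl
# Added example, not the author's script: summarizing variant of clam-update.
use strict;
use warnings;

# Count freshclam events and collect database updates from a filehandle.
sub summarize {
    my ($fh) = @_;
    my %s = (runs => 0, tests => 0, updates => []);
    while (my $line = <$fh>) {
        chomp $line;
        if ($line =~ /ClamAV update process started/) {
            $s{runs}++;
        }
        elsif ($line =~ /Database test passed/) {
            $s{tests}++;
        }
        # Generalized from the post's daily\.cld pattern to any database name.
        elsif ($line =~ /^(.*?) -> (\S+) updated \(version: (\d+), sigs: (\d+)/) {
            push @{ $s{updates} }, { when => $1, db => $2, version => $3, sigs => $4 };
        }
    }
    return \%s;
}

# Under Logwatch the journal lines arrive on STDIN; when run by hand from a
# terminal, fall back to the sample lines below (copied from the post's output).
my $fh = -t STDIN ? \*DATA : \*STDIN;
my $s  = summarize($fh);
printf "Update runs started:   %d\n", $s->{runs};
printf "Database tests passed: %d\n", $s->{tests};
if (@{ $s->{updates} }) {
    my $last = $s->{updates}[-1];
    printf "Database updates:      %d\n", scalar @{ $s->{updates} };
    printf "Latest: %s version %d, %d signatures (%s)\n",
        @{$last}{qw(db version sigs when)};
}
elsif ($s->{runs} == 0) {
    print "WARNING: no freshclam activity in this period\n";
}
else {
    print "WARNING: freshclam ran but recorded no database update\n";
}

__DATA__
ClamAV update process started at Fri Aug 29 00:00:33 2025
Database test passed.
Fri Aug 29 00:00:39 2025 -> daily.cld updated (version: 27746, sigs: 2076468, f-level: 90, builder: raynman)
ClamAV update process started at Fri Aug 29 12:00:39 2025
```

It can be checked with the same journalctl pipe used for the cross-check above before it is placed in /etc/logwatch/scripts/services/.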