Working with Antivirus Logs

Describes the procedure for working with Antivirus logs.

Log files are generated for all system and database activities. These logs are stored in the local log file, runtime.log, which is saved in the /etc/opt/Antivirus/ directory.

You can view and delete the local log files.

Viewing Antivirus Logs

The logs for the Antivirus can be viewed from the appliance Web UI. The logs consist of Antivirus database updates, scan results, infections found, and so on. These logs are also available on the Auditstore > Analytics screen. You can view all logs, including those deleted, in the local file.

Perform the following steps to view logs.

  1. Navigate to Settings > Security > Antivirus.
  2. Click Log.

Deleting Logs from Local File Using the Web UI

Perform the following steps to delete logs from the local file using the Web UI.

  1. Navigate to Settings > Security > Antivirus.
  2. Click Log.
  3. Click Purge.
    All existing logs in the local log file are deleted.

Viewing Logs from the CLI Manager

Perform the following steps to view logs using the CLI Manager.

  1. Navigate to Status and Logs > Appliance Logs.
  2. Select System event logs.
  3. Press View.
  4. From the list of available installed patches, select patches.
  5. Press Show.
    A detailed list of patch-related logs is displayed on the ESA Server window.

Configuring Log Rotation and Log Retention

Perform the following steps to configure log rotation and log retention.

  1. Append the following configuration to the /etc/logrotate.conf file:

    /var/log/clamav/*.log {
        missingok
        monthly
        size 10M
        rotate 1
    }
    
  2. For periodic log rotation, run the following commands:

    cd /etc/opt/Antivirus/
    mv /etc/opt/Antivirus/runtime.log /var/log/clamav
    ln -s /var/log/clamav/runtime.log runtime.log
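
The commands in step 2 are safe to run only once: after the first run, runtime.log in /etc/opt/Antivirus/ is a symlink, and moving it again would put that symlink in place of the real log. The following is an added example, not part of the product documentation, that performs the same relocation idempotently and then checks the result; the function names are hypothetical and the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example. Default paths are the ones on this page; the function
# names are hypothetical.

# Move runtime.log into the rotated directory and leave a symlink behind.
relocate_runtime_log() {
    src=${1:-/etc/opt/Antivirus}/runtime.log
    dst=${2:-/var/log/clamav}/runtime.log

    [ -d "${dst%/*}" ] || { echo "missing directory: ${dst%/*}" >&2; return 1; }
    # Already relocated: moving the symlink again would overwrite the real log.
    if [ -L "$src" ]; then return 0; fi
    # Never clobber a log that already exists at the destination.
    if [ -e "$dst" ]; then echo "refusing to overwrite $dst" >&2; return 1; fi
    [ -f "$src" ] || { echo "missing log file: $src" >&2; return 1; }

    mv "$src" "$dst" && ln -s "$dst" "$src"
}

# Succeeds only if the old path is a symlink to a real file that the
# /var/log/clamav/*.log pattern in logrotate.conf will match.
check_runtime_log_link() {
    src=${1:-/etc/opt/Antivirus}/runtime.log
    dst=${2:-/var/log/clamav}/runtime.log

    [ -L "$src" ] || return 1
    [ "$(readlink "$src")" = "$dst" ] || return 1
    [ -f "$dst" ] && [ ! -L "$dst" ]
}
```

Call `relocate_runtime_log` and then `check_runtime_log_link` with no arguments to use the page's paths. Running `logrotate -d /etc/logrotate.conf` afterwards shows, without changing any files, whether the new stanza is parsed and which logs it would rotate.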