Monitoring clamav signature updates

[brianmas at highstream.net]

Quoting Tommy Abrahamsson <tommy at tommy.adsl.dk>:

> Hi
>
> I'm trying to figure out the best way of monitoring if a ClamAV daemon
> (www.clamav.net) is updated properly with the latest signatures.
>
> My idea was to have some kind of plugin comparing the local value -
> "sigtool -i /path/to/signature" - with the official values - "host -t
> txt current.cvd.clamav.net".
>
> It'll be cool if Nagios could do this. So do somebody out here already
> have experiences with this, or maybe already written a plugin?
> What would be the best way, using a NSCA or NRPE to achieve this kind of
> monitoring?

Here is a related tip:

on nrpe monitored side:
freshclam running with these options in freshclam.conf file:

UpdateLogFile /tmp/freshclam.log
OnUpdateExecute chmod o+r /tmp/freshclam.log
this might be needed as well not sure:
LogVerbose

nrpe with this in nrpe.cfg file:
command[check_freshclam]=/usr/local/nagios/libexec/check_log -F
/tmp/freshclam.log  -O /home/nagios/freshclam.log -q OUTDATED

(above line wrapped)

you can figure out the rest. This will inform you if they have released a new
version of clamav basically, I always find out about new clamav versions from
my logs anyway it seems.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null