Q I use ClamAV for scanning all email. To make this more efficient, I use the daemon service clamd. Recently I noticed that the clamd log file was getting quite large (I know that there is an option in the config settings to limit the log size in kB or MB, but that's not quite what I want). IÊdecided to drop a job into my /etc/logrotate.d/ directory.
/var/log/clamd.log {
missingok
notifempty
daily
rotate 4
create 0620 clamav clamav
}
This rotated the files, producing a clamd.log and clamd.log.1 file. To my surprise however, I found that the new clamd.log was empty and that the clamd.log.1 file was still being written to! I found that by restarting the daemon the new log file was used, so I added the following lines to the script
postrotate /sbin/service clamd restart endscript
Now all works as expected, the log files are rotated and clamd uses the new file. However, I now get the following email each time it is run
/etc/cron.daily/logrotate:
Stopping clamd: [ OK ] Starting clamd: [ OK ]
Is it possible either to rotate the files without having to restart the daemon, or silence the output of the restart?
A Clamd keeps the log file open, so when you rename it, it's still accessing the same file. A file is locked by its inode, so however many times you rename it, the process that has a lock on it will still access the same file. When you stop and restart the daemon, it releases its lock on the file and opens a new one, this time using the new file by the same name. It may be possible to force this without a restart; it depends on how your distro has set it up. Instead of the restart line in postrotate, try this
/bin/kill -HUP $(cat /var/run/clamd.pid 2>/dev/null) 2>/dev/null
This reads the process ID of clamd from /var/run/clamd.pid (the location may vary slightly from one distro to the next) and uses that as an argument to kill, which sends a SIGHUP to the process. SIGHUP requests a program to reload its configuration, which should cause it to release and reopen its log file. The two redirections are for the output from cat and that from kill, both being sent to /dev/null to avoid pointless emails from Cron.
Cron will mail you when a program produces anything on standard output, so if you have to use the service command, redirect both stdout and stderr to /dev/null.
/sbin/service clamd restart >/dev/null 2>&1