
DRWeb logging to console

wikrie

New Pleskian
Hi Everybody,

for some days now I have had the strange issue that all logging from DrWeb is shown directly in the console.
For example, if I connect to my server via SSH and then send an email to my email account, I see the logging of the spool.

root@************:~# 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - archive MAIL
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/3.part - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/4.part - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/5.reexport - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - Ok

This happens in my root shell.
If I disable the email check, then this does not happen anymore.
Another strange issue is that if I restart drweb and I have more than one SSH shell open, I see the output of the restart on all shells. This issue occurs only for drweb, not for any other service.
Does anybody know this issue and can tell me how to configure drweb to log only to the logfile and not to the console?

I searched the web and the only thing I could find was

http://download.geo.drweb.com/pub/d...ilD/en/index.html?antivirus_daemon_config.htm

In the FreeBSD operating system, syslog service can intercept information output by Dr.Web Daemon to the console. In this case, the information is logged character-by-character. That occurs when the logging level is set to *.info in the syslog configuration file (syslog.conf).



Thanks for any hints.
 
Hi,
Plesk configures drweb to use syslog to log messages. Probably your syslog service is configured to show these messages on the console?
Please check this: http://serverfault.com/questions/392299/syslog-written-on-console

Also, please check your drweb config files regarding log settings:
What do you have in the [Logging] section of /etc/drweb/drweb_handler.conf?
And what about drweb32.ini:
grep -i log /etc/drweb/drweb32.ini
 
# LogFileName = {FilePath}
# Log filename.
LogFileName = syslog
# SyslogFacility = {
# Sets the log type when using syslogd system service.
SyslogFacility = Daemon
# SyslogPriority = {Error|Info|Notice|Warning|Alert}
# Sets the log priority when using syslogd system service.
# SyslogPriority = Info
# LimitLog = {Boolean}
# Specifies whether the log file size must be limited, or not.
LimitLog = no
# MaxLogSize = {Digital}
# Maximum log file size.
MaxLogSize = 512
# LogScanned = {Boolean}
# Whether to log or not information about all checked objects (infected and
LogScanned = yes
# LogPacked = {Boolean}
# Whether to log or not additional information about files packed by DIET, PKLITE
LogPacked = yes
# LogArchived = {Boolean}
# Whether to log or not additional information about files archived by RAR, ZIP,
LogArchived = yes
# LogTime = {Boolean}
# Whether to log or not the time for each record.
LogTime = yes
# LogProcessInfo = {Boolean}
# Whether to log or not clients address (hostname or IP) and PID of every
LogProcessInfo = yes
# ClientsLogs = {String}
# Splitting the log files.
# ClientsLogs = drwebdc:/var/drweb/log/drwebdc.log,smb_spider:syslog,mail:/var/drweb/log/drwebmail.log,kerio:syslog,lotus:syslog
# Enables output of update session log to stdout.
# ProxyLogin = {String}
ProxyLogin =
# LogFileName = {FilePath}
# Log filename.
LogFileName = syslog
# LogLevel = {Quiet|Error|Warning|Info|Verbose|Debug}
# Log verbosity level.
LogLevel = Info
# SyslogFacility = {
# Sets the log type when using syslogd system service.
SyslogFacility = Daemon
 
# Logging section #
[Logging]
# Logging detalization ( Quiet, Errors, Alerts, Info, Verbose, Debug )
# Facility used for logging to syslog ( Daemon, Mail, Local0..7 )
SyslogFacility = Mail
# Priority used for logging to syslog ( Debug, Info, Notice, Alert )
SyslogPriority = Info
 
So the most important fact for me is that ONLY drweb logs to the console, nothing else. So at the moment I have disabled drweb, and because of the 10 mail account limit I am also thinking about searching for alternatives.
But if it worked it would be very great. Another strange issue is that some days ago this did not happen, so it sounds like a mistake in one of the latest updates. If this is the reason, I wonder why I'm the only one with this effect.
So, question after question. Maybe we can find the reason.
 
vim /etc/syslog-ng/
conf.d/ patterndb.d/ scl.conf syslog-ng.conf

destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
# This files are the log come from the mail subsystem.
destination d_mailinfo { file("/var/log/mail.info"); };
destination d_mailwarn { file("/var/log/mail.warn"); };
destination d_mailerr { file("/var/log/mail.err"); };
# Logging for INN news system
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };
# Some `catch-all' logfiles.
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };
#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };
destination d_ppp { file("/var/log/ppp.log"); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
# Log paths
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };
log { source(s_src); filter(f_mail); destination(d_mail); };
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };
#log { source(s_src); filter(f_ppp); destination(d_ppp); };
log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };
log { source(s_src); filter(f_console); destination(d_console_all);
log { source(s_src); filter(f_crit); destination(d_console); };
#log { source(s_src); destination(d_net); };
# Include all config files in /etc/syslog-ng/conf.d/
@include "/etc/syslog-ng/conf.d/*.conf"
 
Maybe it would be an option to reinstall drweb? But how should I do it? In the Plesk Panel I can only Start, Stop and Restart the service.
 
You can remove and then install the "Parallels Premium antivirus" component in the Plesk UI.
Go to Tools & Settings -> Updates & Upgrades -> Mail hosting features -> Parallels Premium antivirus
 
I did a complete reinstall of all drweb components and still have the same issue: all drweb logs are shown on the console. So I decided to stop drwebd and give clamav a chance to secure my mails.
If anybody has an idea, I will try it.
 
I found a solution for me:

I changed the startup information method from Terminal to Quiet, and now I do not see the scanning of emails on the terminal anymore.

vim /etc/drweb/drweb32.ini

# OutputMode = {Quiet|Terminal}
# Information output mode at start.
OutputMode =Quiet
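
An added example, not part of the thread: a small shell audit of the two places this thread examines, the `OutputMode` setting in drweb32.ini and syslog-ng log paths that write to a terminal. The function names and sample files are constructed for illustration; the definitions of `d_console` and `d_console_all` are assumptions, because the pasted configuration shows only the log paths that reference them.

```shell
#!/bin/sh
# Effective (uncommented) OutputMode values in a drweb32.ini-style file.
drweb_output_modes() {
    sed -n 's/^[[:space:]]*OutputMode[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1"
}

# Names of syslog-ng destinations that write to a terminal: usertty(),
# or file()/pipe() on /dev/console, /dev/xconsole, /dev/tty*.
console_destinations() {
    grep -E '^[[:space:]]*destination[[:space:]]+[A-Za-z0-9_]+' "$1" |
        grep -E 'usertty\(|"/dev/(console|xconsole|tty[0-9A-Za-z]*)"' |
        sed -E 's/^[[:space:]]*destination[[:space:]]+([A-Za-z0-9_]+).*/\1/'
}

# Active (uncommented) log paths that reference one of those destinations.
console_log_paths() {
    for d in $(console_destinations "$1"); do
        grep -E "^[[:space:]]*log[[:space:]]*\{.*destination\($d\)" "$1" || true
    done
}

# Constructed sample files; the destination definitions are assumptions,
# since the thread's paste shows only the log paths that reference them.
write_samples() {
    cat > "$1/drweb32.ini" <<'EOF'
# OutputMode = {Quiet|Terminal}
OutputMode = Terminal
LogFileName = syslog
EOF
    cat > "$1/syslog-ng.conf" <<'EOF'
destination d_daemon { file("/var/log/daemon.log"); };
destination d_console { usertty("root"); };
destination d_console_all { file("/dev/tty10"); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_crit); destination(d_console); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "OutputMode: $(drweb_output_modes "$tmp/drweb32.ini")"
console_log_paths "$tmp/syslog-ng.conf"
rm -rf "$tmp"
```

On a real host, pass /etc/drweb/drweb32.ini and /etc/syslog-ng/syslog-ng.conf to the functions instead of the sample files.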
 