Clamd and freshclam logs JSON format

[Pophalekiran]

Hello Team,

I am using clamav 1.3 image, deployed it in Kubernetes env, I wanted to collect or stdout logs in JSON format. I tried various options but none of it worked for me.

I have create the image with Dockerfile as

FROM clamav/clamav:1.3
ENTRYPOINT ["/init-unprivileged"]

I suspect that init-unprivileged scripts redirecting the logs to STDOUT channel. But no sure 100 %.

Can you please guide me to get the logs in JSON format, it will be very simple JSON.

for example "{"timestamp": "$timestamp", "message": "$line"}"

If this is not possible then is there way to stop printing logs on STDOT completely

[micahsnyder]

Outputting log lines as json objects is not something clamav can do.

The only way that I can think of to completely silence freshclam or clamd is to redirect stdout and stderr for each process to /dev/null in the init script.

[Pophalekiran]

Thank you. I am very new to ClamAV configuration. Could please help with probable changes in scripts

[micahsnyder]

Sorry about the delayed reply. What I'm suggesting is you would change any calls to clamd or freshclam to be something like:
clamd --foreground > /dev/null 2>&1 &
or
freshclam --foreground > /dev/null 2>&1 &

I'm still kind of confused why you'd want to silence all log messages from these. But if you want to do it, that's how I think you'd have to do it.

[micahsnyder]

@Pophalekiran I just read this comment where someone shared how they use syslog-ng to print logs in JSON format. I immediately though to share with you Cisco-Talos/clamav#1371 (comment)