Logs
bucketAV stores logs in a centralized location using CloudWatch Logs. You can configure the retention period for logs via the LogsRetentionInDays configuration parameter.
The most recent log lines are also shown in the dashboard.
Query logs
For more sophisticated query capabilities:
- Visit the Amazon CloudWatch Console.
- Ensure that you are in the correct region.
- Navigate to Logs Insights.
- Select the bucketAV logs log group (if you followed the docs, the name starts with bucketav-Logs-).
- Select a date range.
- Enter the following query:
fields @timestamp, @message
| filter (@logStream like "/var/log/messages" and @message like "bucketav[") or @logStream like "/journald/bucketav.service"
| sort @timestamp desc
- Click Run query.
Learn more about the CloudWatch Logs Insights query syntax or discover the following sample queries.
Get the 100 largest files scanned
fields @timestamp
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and @message like "s3://" and @message like "[download="
| parse "s3://*/* * * [download=*,scan=*,size=*]" as bucket, key, version, msg, download, scan, size
| sort size desc
| limit 100
Get total file size scanned by bucket
fields @timestamp
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and @message like "s3://" and @message like "[download="
| parse "s3://*/* * * [download=*,scan=*,size=*]" as bucket, key, version, msg, download, scan, size
| stats count() as files, sum(size) as total by bucket
Get all unscannable files
fields @timestamp, @message
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and (@message like "could not be scanned because it is" or @message like "does no longer exist" or @message like "not downloadable" or @message like "access denied")
| sort @timestamp desc
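The three sample queries above all hinge on the same parse pattern and on a handful of aggregations. As an added illustration (not part of bucketAV's documentation or code), the Python below re-implements that parse pattern, the sort/limit, the per-bucket stats and the unscannable-file filter offline over constructed log lines, so you can check what a query should return before running it in Logs Insights. The syslog prefix and the status wording in the sample lines are assumptions modelled on the parse pattern, not bucketAV's exact output.

```python
import re
from collections import defaultdict

# Constructed sample lines shaped after the page's parse pattern
# "s3://*/* * * [download=*,scan=*,size=*]"; the syslog prefix and the
# status wording are assumptions, not bucketAV's exact output.
SAMPLE_LOG = """\
Mar 10 12:00:01 ip-10-0-1-23 bucketav[1234]: s3://reports-bucket/q1/summary.pdf null clean [download=120ms,scan=340ms,size=1048576]
Mar 10 12:00:02 ip-10-0-1-23 bucketav[1234]: s3://reports-bucket/q1/raw.zip v2 clean [download=900ms,scan=2100ms,size=52428800]
Mar 10 12:00:03 ip-10-0-1-23 bucketav[1234]: s3://uploads-bucket/user/avatar.png null clean [download=30ms,scan=20ms,size=20480]
Mar 10 12:00:04 ip-10-0-1-23 bucketav[1234]: s3://uploads-bucket/user/huge.iso could not be scanned because it is too large
Mar 10 12:00:05 ip-10-0-1-23 bucketav[1234]: s3://uploads-bucket/tmp/gone.txt does no longer exist
"""

# Regex equivalent of the Insights parse pattern; the key runs up to the first space.
SCAN_RE = re.compile(
    r"s3://(?P<bucket>[^/\s]+)/(?P<key>\S+) (?P<version>\S+) (?P<msg>.+?) "
    r"\[download=(?P<download>[^,\]]+),scan=(?P<scan>[^,\]]+),size=(?P<size>\d+)\]"
)
# Substrings the "Get all unscannable files" query filters on.
UNSCANNABLE_MARKERS = ("could not be scanned because it is", "does no longer exist",
                       "not downloadable", "access denied")

def parse_scan_records(log_text):
    """One dict per line carrying a completed-scan record (the '| parse' step)."""
    records = []
    for line in log_text.splitlines():
        m = SCAN_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])  # sum()/sort need a number, not a string
            records.append(rec)
    return records

def largest_files(records, limit=100):
    """Equivalent of '| sort size desc | limit N'."""
    return sorted(records, key=lambda r: r["size"], reverse=True)[:limit]

def total_size_by_bucket(records):
    """Equivalent of '| stats count() as files, sum(size) as total by bucket'."""
    totals = defaultdict(lambda: {"files": 0, "total": 0})
    for r in records:
        totals[r["bucket"]]["files"] += 1
        totals[r["bucket"]]["total"] += r["size"]
    return dict(totals)

def unscannable_lines(log_text):
    """Lines the 'Get all unscannable files' query would return."""
    return [l for l in log_text.splitlines() if any(k in l for k in UNSCANNABLE_MARKERS)]
```

Lines without a completed-scan record (the unscannable ones) drop out of the parse step, which is why the per-bucket totals only count files that were actually scanned.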
Export logs for bucketAV support
Please send us your AWS account ID and region first: hello@bucketav.com. We respond with the S3 bucket name and the bucket prefix (your upload token) that you need for exporting the logs.
- Visit the Amazon CloudWatch Console.
- Ensure that you are in the correct region.
- Navigate to Log groups.
- Click on the bucketAV logs log group (if you followed the docs, the name starts with bucketav-Logs-).
- Choose Actions, Export data to Amazon S3.
- Set From and To.
- Select Another account.
- Set S3 bucket name to our S3 bucket (reach out to hello@bucketav.com).
- Set the S3 bucket prefix to your upload token (reach out to hello@bucketav.com).
- Click Export.
Remote access fallback
If no logs show up in CloudWatch Logs, you can connect to one of the bucketAV EC2 instances and run the following commands to get the logs:
Amazon Linux 2023
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.21.0.
To update to the latest version, follow the Update Guide.
sudo -i
journalctl -u bucketav.service
Amazon Linux 2
sudo -i
grep 'bucketav' /var/log/messages