Logs

bucketAV stores logs in a centralized location using CloudWatch Logs. You can configure the retention period for logs via the LogsRetentionInDays configuration parameter.

You can find the most recent logs in the dashboard.

Query logs

For more sophisticated query capabilities:

  1. Visit the Amazon CloudWatch Console.
  2. Ensure that you are in the correct region.
  3. Navigate to Logs Insights.
  4. Select the bucketAV logs log group (if you followed the docs, the name starts with bucketav-Logs-).
  5. Select a date range.
  6. Enter the following query:
fields @timestamp, @message
| filter (@logStream like "/var/log/messages" and @message like "bucketav[") or @logStream like "/journald/bucketav.service"
| sort @timestamp desc
  7. Click Run query.

Learn more about the CloudWatch Logs Insights query syntax or discover the following sample queries.

Get the 100 largest files scanned

fields @timestamp
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and @message like "s3://" and @message like "[download="
| parse "s3://*/* * * [download=*,scan=*,size=*]" as bucket, key, version, msg, download, scan, size
| sort size desc
| limit 100

Get total file size scanned by bucket

fields @timestamp
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and @message like "s3://" and @message like "[download="
| parse "s3://*/* * * [download=*,scan=*,size=*]" as bucket, key, version, msg, download, scan, size
| stats count() as files, sum(size) as total by bucket

Get all unscannable files

fields @timestamp, @message
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and (@message like "could not be scanned because it is" or @message like "does no longer exist" or @message like "not downloadable" or @message like "access denied")
| sort @timestamp desc
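
Files that could not be scanned are worth checking on a schedule rather than only by hand in the console. The following is an added example, not part of the bucketAV documentation: it runs the unscannable-files query above through the CloudWatch Logs API and counts the hits per message fragment. It assumes exactly one log group whose name starts with bucketav-Logs-; the function names and the 24-hour default window are illustrative.

```python
import time
from collections import Counter

LOG_GROUP_PREFIX = "bucketav-Logs-"  # default log group name prefix per the docs
REASONS = (  # the four message fragments the query above filters on
    "could not be scanned because it is",
    "does no longer exist",
    "not downloadable",
    "access denied",
)
QUERY = (
    "fields @timestamp, @message\n"
    '| filter (@logStream like "/var/log/messages" or '
    '@logStream like "/journald/bucketav.service") and ('
    + " or ".join(f'@message like "{r}"' for r in REASONS)
    + ")\n| sort @timestamp desc"
)


def unscannable_files(logs, hours=24, poll_seconds=1.0, timeout=60.0):
    """Run the query; `logs` is a boto3 CloudWatch Logs client in the right region."""
    groups = logs.describe_log_groups(logGroupNamePrefix=LOG_GROUP_PREFIX)["logGroups"]
    if len(groups) != 1:  # assumption: one bucketAV installation per region
        raise LookupError(f"expected one {LOG_GROUP_PREFIX}* log group, found {len(groups)}")
    end = int(time.time())
    query_id = logs.start_query(
        logGroupName=groups[0]["logGroupName"], queryString=QUERY,
        startTime=end - int(hours * 3600), endTime=end, limit=1000,
    )["queryId"]
    deadline = time.monotonic() + timeout
    while True:  # Logs Insights queries are asynchronous, so poll for the result
        resp = logs.get_query_results(queryId=query_id)
        if resp["status"] == "Complete":
            # Each row is a list of {"field": ..., "value": ...}; flatten to a dict.
            return [{f["field"]: f["value"] for f in row} for row in resp["results"]]
        if resp["status"] in ("Failed", "Cancelled", "Timeout") or time.monotonic() > deadline:
            raise RuntimeError(f"query {query_id} stopped with status {resp['status']}")
        time.sleep(poll_seconds)


def count_by_reason(rows):
    """Count rows per matched fragment, so a rise in any one reason stands out."""
    return Counter(r for row in rows for r in REASONS if r in row.get("@message", ""))
```

With boto3 installed, call unscannable_files(boto3.client("logs")) and pass the rows to count_by_reason. The caller needs the logs:DescribeLogGroups, logs:StartQuery and logs:GetQueryResults permissions.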

Export logs for bucketAV support

Before exporting, please send your AWS account ID and region to hello@bucketav.com. We reply with the S3 bucket name and the S3 bucket prefix (your upload token) required for exporting logs.

  1. Visit the Amazon CloudWatch Console.
  2. Ensure that you are in the correct region.
  3. Navigate to Log groups.
  4. Click on the bucketAV logs log group (if you followed the docs, the name starts with bucketav-Logs-).
  5. Choose Actions, Export data to Amazon S3.
  6. Set From and To.
  7. Select Another account.
  8. Set S3 bucket name to our S3 bucket (reach out to hello@bucketav.com).
  9. Set the S3 bucket prefix to your upload token (reach out to hello@bucketav.com).
  10. Click Export.

Remote access fallback

If no logs show up in CloudWatch Logs, you can connect to one of the bucketAV EC2 instances and run the following commands to get the logs:

Amazon Linux 2023

Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.21.0.
To update to the latest version, follow the Update Guide.

sudo -i
journalctl -u bucketav.service

Amazon Linux 2

sudo -i
grep 'bucketav' /var/log/messages
