Logs
bucketAV stores logs in a centralized location using CloudWatch Logs. You can configure the retention period for logs via the LogsRetentionInDays configuration parameter.
You can find the most recent logs in the dashboard.
Query logs
For more sophisticated query capabilities:
- Visit the Amazon CloudWatch Console.
- Ensure that you are in the correct region.
- Navigate to Logs Insights.
- Select the bucketAV logs log group (if you followed the docs, the name starts with bucketav-Logs-).
- Select a date range.
- Enter the following query:
fields @timestamp, @message
| filter (@logStream like "/var/log/messages" and @message like "bucketav[") or @logStream like "/journald/bucketav.service"
| sort @timestamp desc
- Click Run query.
Learn more about the CloudWatch Logs Insights query syntax or discover the following sample queries.
Get the 100 largest files scanned
fields @timestamp
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and @message like "s3://" and @message like "[download="
| parse "s3://*/* * * [download=*,scan=*,size=*]" as bucket, key, version, msg, download, scan, size
| sort size desc
| limit 100
Get total file size scanned by bucket
fields @timestamp
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and @message like "s3://" and @message like "[download="
| parse "s3://*/* * * [download=*,scan=*,size=*]" as bucket, key, version, msg, download, scan, size
| stats count() as files, sum(size) as total by bucket
Get all unscannable files
fields @timestamp, @message
| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") and (@message like "could not be scanned because it is" or @message like "does no longer exist" or @message like "not downloadable" or @message like "access denied")
| sort @timestamp desc
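Files that could not be scanned are a coverage gap worth tracking on a schedule rather than by hand in the console. The following added example (not bucketAV's own code) runs the query above through the CloudWatch Logs API and counts results per reason; the helper names are hypothetical, and it assumes exactly one log group with the documented `bucketav-Logs-` prefix exists in the region.

```python
import time

# Query text copied from the "Get all unscannable files" section of this page.
UNSCANNABLE_QUERY = (
    'fields @timestamp, @message '
    '| filter (@logStream like "/var/log/messages" or @logStream like "/journald/bucketav.service") '
    'and (@message like "could not be scanned because it is" or @message like "does no longer exist" '
    'or @message like "not downloadable" or @message like "access denied") '
    '| sort @timestamp desc')
# Substrings from that filter, reused to group results by reason.
REASONS = ("could not be scanned because it is", "does no longer exist",
           "not downloadable", "access denied")

def find_log_group(logs, prefix="bucketav-Logs-"):
    """Return the single log group whose name starts with the documented prefix."""
    groups = logs.describe_log_groups(logGroupNamePrefix=prefix)["logGroups"]
    if len(groups) != 1:
        raise LookupError(f"expected one log group for {prefix!r}, found {len(groups)}")
    return groups[0]["logGroupName"]

def run_query(logs, log_group, query, start, end, poll=1.0, timeout=60.0):
    """Start a Logs Insights query and poll until it reaches a terminal status."""
    query_id = logs.start_query(logGroupName=log_group, startTime=int(start),
                                endTime=int(end), queryString=query)["queryId"]
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        resp = logs.get_query_results(queryId=query_id)
        if resp["status"] == "Complete":
            # Each row is a list of {"field": ..., "value": ...} pairs.
            return [{c["field"]: c["value"] for c in row} for row in resp["results"]]
        if resp["status"] in ("Failed", "Cancelled", "Timeout"):
            raise RuntimeError(f"query {query_id} ended with status {resp['status']}")
        time.sleep(poll)
    raise TimeoutError(f"query {query_id} did not complete within {timeout}s")

def count_by_reason(rows):
    """Count unscannable-file messages per matching filter substring."""
    counts = {r: 0 for r in REASONS}
    for row in rows:
        reason = next((r for r in REASONS if r in row.get("@message", "")), None)
        if reason:
            counts[reason] += 1
    return counts

if __name__ == "__main__":
    import boto3  # needs AWS credentials and the region bucketAV runs in
    logs = boto3.client("logs")
    now = time.time()
    rows = run_query(logs, find_log_group(logs), UNSCANNABLE_QUERY, now - 86400, now)
    print(count_by_reason(rows))
```

A sustained rise in the "access denied" count usually deserves a look at bucket policies or KMS key permissions, since those objects are stored without having been scanned.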
Export logs for bucketAV support
Please send your AWS account ID and region to hello@bucketav.com first. We respond with the S3 bucket name and the S3 bucket prefix (your upload token) required for exporting logs.
- Visit the Amazon CloudWatch Console.
- Ensure that you are in the correct region.
- Navigate to Log groups.
- Click on the bucketAV logs log group (if you followed the docs, the name starts with bucketav-Logs-).
- Choose Actions, Export data to Amazon S3.
- Set From and To.
- Select Another account.
- Set S3 bucket name to our S3 bucket (reach out to hello@bucketav.com).
- Set the S3 bucket prefix to your upload token (reach out to hello@bucketav.com).
- Click Export.
Remote access fallback
If no logs show up in CloudWatch Logs, you can connect to one of the bucketAV EC2 instances and run the following commands to get the logs:
Amazon Linux 2023
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.21.0, bucketAV for Amazon S3 powered by Sophos® version >= 2.15.0, bucketAV for Cloudflare R2 powered by ClamAV® version >= 2.1.0, or bucketAV for Cloudflare R2 powered by Sophos® version >= 2.2.0.
To update to the latest version, follow the Update Guide.
sudo -i
journalctl -u bucketav.service
Amazon Linux 2
sudo -i
grep 'bucketav' /var/log/messages