Send ClamAV logs to ELK

Hi there,

I would like to send the scan logs from the file c:\program files\clamav\clamd.logs to Elasticsearch and assign a new index name like clamav-scans-*

The scan logs for a clean file look like

Sat Feb 29 01:23:41 2020 -> C:\Program Files\ClamAV\.\clamd.conf: OK

and the scan logs for a malicious file look like

Sat Feb 29 01:25:56 2020 -> C:\Users\Malware Test\Downloads\wildfire-test-pe-file.exe: Win.Malware.Generic-6856527-0 FOUND

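The two line shapes above (a clean result ending in `OK`, a detection ending in `<signature> FOUND`) are regular enough to parse with a single pattern. The following is an added example, not code from the post or from ClamAV/Elastic: it parses clamd scan-result lines into flat documents, derives a daily index name that matches the `clamav-scans-*` pattern, and builds an NDJSON body for the Elasticsearch `_bulk` API. The field names (`file.path`, `clamav.result`, `clamav.signature`, `event.kind`) are an ECS-style naming choice made here, not something the post specifies; the sample log text is constructed from the two formats shown, with one extra non-scan line added to show that unrelated lines are skipped. clamd writes local time without a zone, so the timestamp is kept as parsed; if your cluster expects UTC, convert it before indexing. The same capture groups translate directly into a Logstash grok or dissect filter if you prefer to do this in the pipeline.

```python
import json
import re
from datetime import datetime

# Constructed sample text: the two line shapes from the post plus one
# non-scan line, to show that only scan results are turned into documents.
SAMPLE_LOG = (
    "Sat Feb 29 01:23:40 2020 -> Started (constructed non-scan line)\n"
    "Sat Feb 29 01:23:41 2020 -> C:\\Program Files\\ClamAV\\.\\clamd.conf: OK\n"
    "Sat Feb 29 01:25:56 2020 -> C:\\Users\\Malware Test\\Downloads\\"
    "wildfire-test-pe-file.exe: Win.Malware.Generic-6856527-0 FOUND\n"
)

# One pattern for both shapes. The day field allows the space padding that
# ctime-style timestamps use for days 1-9 ("Feb  9"). The result is either
# "<signature> FOUND" or "OK"; any other suffix means "not a scan result".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) -> "
    r"(?P<path>.+?): (?:(?P<signature>\S+) FOUND|OK)$"
)


def parse_line(line: str):
    """Turn one clamd scan-result line into a flat document; None for other lines."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    # Assumption: the clamd timestamp is local time with no zone; it is kept as-is.
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    signature = m.group("signature")
    doc = {
        "@timestamp": ts.isoformat(),
        "file.path": m.group("path"),
        # ECS-style names chosen for this example; adapt to your own mapping.
        "clamav.result": "FOUND" if signature else "OK",
        "event.kind": "alert" if signature else "event",
    }
    if signature:
        doc["clamav.signature"] = signature
    return doc


def index_name(doc: dict, prefix: str = "clamav-scans") -> str:
    """Daily index such as clamav-scans-2020.02.29, matched by clamav-scans-*."""
    day = doc["@timestamp"][:10].replace("-", ".")
    return f"{prefix}-{day}"


def to_bulk_body(log_text: str) -> str:
    """Build the newline-delimited JSON body expected by POST /_bulk.

    Each document is preceded by an action line naming its target index.
    Lines that are not scan results are skipped rather than indexed as noise.
    """
    out = []
    for raw in log_text.splitlines():
        doc = parse_line(raw)
        if doc is None:
            continue
        out.append(json.dumps({"index": {"_index": index_name(doc)}}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n" if out else ""


if __name__ == "__main__":
    # Printed body can be sent with:
    #   curl -H 'Content-Type: application/x-ndjson' -XPOST http://localhost:9200/_bulk --data-binary @body.ndjson
    print(to_bulk_body(SAMPLE_LOG), end="")
```

The detection line becomes a document with `event.kind: alert` and the signature name as its own field, so a Kibana alert rule or a query such as `clamav.result: FOUND` can pick out infections without string matching on the raw message; the clean results still land in the same daily index, which keeps the scan volume visible as a baseline.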