This app reads ClamAV and freshclam log files to report on usage, scan summaries, and viruses discovered.
The author of this Splunk app has no connection whatsoever with ClamAV, Sourcefire, and/or Cisco, other than that I think it's a f'ing cool product and no one else has made a Splunk app for its logs. :)
This app has been created to work correctly with stand-alone, distributed, and cloud installs of Splunk. Read the install notes below carefully with your Splunk platform in mind.
You will need two apps:
1. ClamAV (this app) https://splunkbase.splunk.com/app/1798/
2. TA-ClamAV https://splunkbase.splunk.com/app/3619/
This section covers installing on a centralized or stand-alone Splunk setup.
For those running a distributed or HA Splunk design (i.e. separate forwarders, search heads, indexers, etc.), please follow these directions; depending on your design, YMMV. See this link for more instructions: http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons
I have not used Cloud yet. I believe you install this app via the UI.
Also install the TA-ClamAV app via the UI.
See the README.txt file in the TA-ClamAV app.
The TA app will control your index settings.
New app!
This is an open source project; no support is provided. Please use Splunk Answers for help and assistance. The author monitors Splunk Answers and will provide help as best as possible.
New app for Splunk 6.0