[hostX:~] # rcsdiff /usr/local/etc/clamd.conf
14c14
< LogFile /var/log/clamav/clamd.log
---
> # LogFile /var/log/clamav/clamd.log
43c43
< #LogSyslog yes
---
> LogSyslog yes
48c48
< #LogFacility LOG_MAIL
---
> LogFacility LOG_LOCAL6
[hostX:~] # /usr/local/etc/rc.d/clamav-clamd reload
man syslog.conf
[hostX:~] # shutdown -p 17:30
[hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic'
[hostX:~] # cat /etc/syslog.conf
...
local6.*                /var/log/clamd.log
...
[hostX:~] # touch /var/log/clamd.log
[hostX:~] # /etc/rc.d/syslogd reload
[hostX:~] # clamdscan virus.zip
[hostX:~] # cat /etc/newsyslog.conf
...
/var/log/clamd.log              600  7   10    *  J
/var/log/httpd-access.log       644  10  1000  *  JC  /var/run/httpd.pid  30
/var/log/httpd-error.log        644  10  1000  *  JC  /var/run/httpd.pid  30
/var/log/httpd-ssl_request.log  644  10  1000  *  JC  /var/run/httpd.pid  30
[hostX:~] # cat logger.sh
# Write test messages in a loop so /var/log/clamd.log grows past the
# newsyslog size limit. The facility is local6 to match the local6.*
# rule in syslog.conf.
while :
do
    logger -t clamd -p local6.info "Message 1"
    logger -t clamd -p local6.info "Message 2"
done
[hostX:~] # sh logger.sh
...
<Ctrl>-C
[hostX:~] # tail -f /var/log/clamd.log
...
<Ctrl>-C
[hostX:~] # newsyslog
[hostX:~] # ls -l /var/log/clamd.log*
[hostX:~] # cat /etc/rc.conf
...
syslogd_flags="-a 192.168.X.0/24"
The abbreviated form 192.168.X/24 is not recognized!
[hostX:~] # /etc/rc.d/syslogd restart
[gate:~] # cat /etc/syslog.conf
*.*                     @hostX
...
[gate:~] # /etc/rc.d/syslogd restart
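[hostX:~] # cat syslog.sh
#!/bin/sh
# Mail every syslog message that mentions "login" to root.
while read -r m
do
    if expr "$m" : '.*login.*' > /dev/null
    then
        # Quote $m so the message is passed on without word splitting or globbing.
        echo "$m" | mail -s login root
    fi
done
[hostX:~] # chmod +x syslog.sh
[hostX:~] # cat /etc/syslog.conf
...
auth.*                  | /root/syslog.sh
...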
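
A hardened variant of the syslog.sh pipe handler above, as an added example that is not part of the original page. Because syslogd on hostX accepts messages from 192.168.X.0/24, the text reaching a script run by syslogd is untrusted, so this version keeps backslashes and glob characters literal and strips control bytes before anything is mailed. The function names and the sample messages are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the page's own script. Function names are hypothetical.

# Return 0 if the message mentions "login". case performs no word splitting
# or globbing on $1, and a message that looks like an option or an operator
# ("-n", "(") is still treated as plain data.
is_login() {
    case $1 in
        *login*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the message with control bytes (including ESC) removed and the
# length capped at 512 bytes, so a crafted log line cannot carry terminal
# escape sequences or oversized input into the mail body.
clean_line() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | LC_ALL=C cut -c1-512
}

# Read syslog messages on stdin and print the cleaned login-related ones.
filter_login() {
    while IFS= read -r m; do        # -r keeps backslashes as data
        if is_login "$m"; then
            clean_line "$m"
        fi
    done
}

# Constructed sample messages: a console login, a line without "login",
# and a line with a leading option-like token and a glob character.
demo() {
    printf '%s\n' \
        'Jan  1 00:00:00 hostX login: ROOT LOGIN (root) ON ttyv0' \
        'Jan  1 00:00:01 hostX sshd[1]: Invalid user * from 192.0.2.1' \
        '-n login attempt for user *' | filter_login
}
demo
# To mail each hit as syslog.sh does, replace `clean_line "$m"` in
# filter_login with: clean_line "$m" | mail -s login root
```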