Archived entries for log

swatch – alerting you of certain log entries

A few minutes before coding my own Perl script, which would alert me on certain log entries, I found a piece of software which does its job very well.

It's called swatch. Yes, a really impressive web site and a lack of documentation and examples are typical of a geek's tool.

Example config, very simple:
watchfor /Security violation occurred/
mail addresses=ninja@level13.org,subject="SWATCH warning - switch_name"

and the command line invocation:
# /usr/local/bin/swatch -c /usr/local/etc/swatch/switch_name.conf -t /var/log/syslog/switch_name.log --daemon --use-cpan-file-tail

--daemon forks it into the background.

--use-cpan-file-tail is needed so that swatch keeps tailing the file even after it has been rotated by the rotation script; make sure that the Perl module File::Tail is installed.

It can of course match multiple patterns (multiple watchfor sections) on the same log file, but you must run multiple instances of the software for tailing multiple log files.

Make sure to read the swatch man page.

S.

Find out who is talking excessively to your web server

If you suspect that your web pages are being read excessively by robots or some miscreants, slowing down your server in the process, here is a one-liner that counts the requests for each IP address in the Apache log. It shows the IP address and the number of requests that this IP made.

By changing the value of the $limit variable you can set the threshold number of requests at which an IP shows up in the output.

cat /var/log/apache/access | perl -e '$limit=100; while(<>){ if(/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) { $ips->{$1}++;}} for(keys %$ips){ print "$_: $ips->{$_}\n" if $ips->{$_} >= $limit; } ' | sort -k 2 -n

s.
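
An added example, not part of the original post: the same count keyed on the first log field (the client address in Apache's common and combined log formats) instead of the first dotted quad found in the line, so IPv6 clients are counted and an IPv4 address inside a URL is not mistaken for the client. The function names top_talkers and sample_log and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-client request counts from an Apache access log.
# Assumes the common/combined log format, where field 1 is the client address.

# top_talkers LIMIT [FILE...]
# Prints "address count" for every client with at least LIMIT requests,
# busiest first. Reads stdin when no FILE is given.
top_talkers() {
    limit=$1
    shift
    awk -v limit="$limit" '
        NF == 0 { next }          # ignore blank lines
        { hits[$1]++ }            # count requests per client address
        END {
            for (ip in hits)
                if (hits[ip] >= limit)
                    print ip, hits[ip]
        }
    ' "$@" | sort -k2,2nr -k1,1
}

# Constructed sample log (documentation address ranges only).
# The third line has an IPv6 client and an IPv4 address in the query string:
# a dotted-quad regex would count 203.0.113.9 there, not the real client.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [12/Mar/2009:10:00:01 +0100] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [12/Mar/2009:10:00:02 +0100] "GET /a HTTP/1.1" 200 128
2001:db8::5 - - [12/Mar/2009:10:00:03 +0100] "GET /x?ip=203.0.113.9 HTTP/1.1" 200 64
192.0.2.10 - - [12/Mar/2009:10:00:04 +0100] "GET /b HTTP/1.1" 200 128
2001:db8::5 - - [12/Mar/2009:10:00:05 +0100] "GET /y HTTP/1.1" 404 0
198.51.100.7 - - [12/Mar/2009:10:00:06 +0100] "GET /robots.txt HTTP/1.1" 200 32
2001:db8::5 - - [12/Mar/2009:10:00:07 +0100] "GET /z HTTP/1.1" 200 64
192.0.2.10 - - [12/Mar/2009:10:00:08 +0100] "GET /c HTTP/1.1" 200 128
EOF
}

# Demo run on the constructed sample, threshold of 3 requests.
sample_log | top_talkers 3
```

On a real server, call it as top_talkers 100 /var/log/apache/access to get the same threshold as the one-liner above.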



Copyright © 2004–2009. All rights reserved.
