Simon Žekar – unix, communications, stupidities

A few minutes before coding my own perl script, which would alert me on certain log entries, I’ve found a software which does it’s job very well.

It’s called swatch – yes, really impressing web site and lack of documentation, examples is tipical for a geek’s tool.

example config – very simple:
watchfor /Security violation occurred/
mail addresses=ninja@level13.org,subject="SWATCH warning - switch_name"

and the command line invocation:
# /usr/local/bin/swatch -c /usr/local/etc/swatch/switch_name.conf -t /var/log/syslog/switch_name.log --daemon --use-cpan-file-tail

–daemon for forking it in the background

–use-cpan-file-tail is needed so that the swatch will tail file even after it’s rotated by the rotating script, but make sure that the perl module File::Tail is installed

It can of course match multiple patterns (multiple watchfor sections) on the same log file, but you must run multiple instances of the software for tailing multiple log files.

Make sure to read swatch man page.

S.

Če sumite, da vaše spletne strani pretirano berejo roboti ali kakšni nepridipravi in vam pri tem upočasnjujejo strežnik, vam serviram eno enovrstičnico, ki iz apache loga prešteje zahtevke za vsak IP naslov. Prikaže vam IP naslov in število zahtevkov, ki jih je ta IP sprožil.

S spremembo vrednosti spremenljivke $limit lahko določite kje bo meja številka zahtevkov, da se bo IP pokazal v izpisu.

cat /var/log/apache/access | perl -e ‘$limit=100; while(<>){ if(/(d{1,3}.d{1,3}.d{1,3}.d{1,3})/) { $ips->{$1}++;}} for(keys %$ips){ print “$_: $ips->{$_}n” if $ips->{$_} >= $limit; } ‘ |sort -k 2 -n

s.