swatch – alerting you of certain log entries

sIMON — Wed, 04 Feb 2009 20:53:24 +0000

A few minutes before coding my own perl script, which would alert me on certain log entries, I’ve found a software which does it’s job very well.

It’s called swatch – yes, really impressing web site and lack of documentation, examples is tipical for a geek’s tool.

example config – very simple:
watchfor /Security violation occurred/ mail addresses=ninja@level13.org,subject="SWATCH warning - switch_name"

and the command line invocation:
# /usr/local/bin/swatch -c /usr/local/etc/swatch/switch_name.conf -t /var/log/syslog/switch_name.log --daemon --use-cpan-file-tail

–daemon for forking it in the background

–use-cpan-file-tail is needed so that the swatch will tail file even after it’s rotated by the rotating script, but make sure that the perl module File::Tail is installed

It can of course match multiple patterns (multiple watchfor sections) on the same log file, but you must run multiple instances of the software for tailing multiple log files.

Make sure to read swatch man page.

Ugotovite kdo se pretirano pogovarja z vašim spletnim strežnikom

sIMON — Thu, 14 Jun 2007 20:36:33 +0000

Če sumite, da vaše spletne strani pretirano berejo roboti ali kakšni nepridipravi in vam pri tem upočasnjujejo strežnik, vam serviram eno enovrstičnico, ki iz apache loga prešteje zahtevke za vsak IP naslov. Prikaže vam IP naslov in število zahtevkov, ki jih je ta IP sprožil.

S spremembo vrednosti spremenljivke $limit lahko določite kje bo meja številka zahtevkov, da se bo IP pokazal v izpisu.

cat /var/log/apache/access | perl -e ‘$limit=100; while(<>){ if(/(d{1,3}.d{1,3}.d{1,3}.d{1,3})/) { $ips->{$1}++;}} for(keys %$ips){ print “$_: $ips->{$_}n” if $ips->{$_} >= $limit; } ‘ |sort -k 2 -n

Simon Žekar - unix, communications, stupidities » log

swatch – alerting you of certain log entries

Ugotovite kdo se pretirano pogovarja z vašim spletnim strežnikom