Simon Žekar - unix, communications, stupidities » swatch http://simon.zekar.com "Unix is simple, but it takes a genious to understand the simplicity" --Dennis Ritchie Fri, 23 Apr 2010 22:11:08 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 swatch – alerting you of certain log entries http://simon.zekar.com/2009/02/04/swatch-log-monitor/ http://simon.zekar.com/2009/02/04/swatch-log-monitor/#comments Wed, 04 Feb 2009 20:53:24 +0000 sIMON http://simon.zekar.com/?p=65 A few minutes before coding my own perl script, which would alert me on certain log entries, I’ve found a software which does it’s job very well.

It’s called swatch – yes, really impressing web site and lack of documentation, examples is tipical for a geek’s tool.

example config – very simple:
watchfor /Security violation occurred/
mail addresses=ninja@level13.org,subject="SWATCH warning - switch_name"

and the command line invocation:
# /usr/local/bin/swatch -c /usr/local/etc/swatch/switch_name.conf -t /var/log/syslog/switch_name.log --daemon --use-cpan-file-tail

–daemon for forking it in the background

–use-cpan-file-tail is needed so that the swatch will tail file even after it’s rotated by the rotating script, but make sure that the perl module File::Tail is installed

It can of course match multiple patterns (multiple watchfor sections) on the same log file, but you must run multiple instances of the software for tailing multiple log files.

Make sure to read swatch man page.

S.

]]> http://simon.zekar.com/2009/02/04/swatch-log-monitor/feed/ 1