Swatch was originally written to actively monitor messages as they were written to a log file via the UNIX syslog utility. It has multiple methods of alarming, both visually and by triggering events. It is the perfect tool for a master loghost. It is known to work flawlessly on Linux (RH5), BSDI, and Solaris 2.6 (patched).
| Tags | Internet Log Analysis Security Monitoring Networking |
|---|---|
| Licenses | GPL |
| Implementation | Perl |
Recent releases


Changes: A fix for a major bug involving key value assignment when throttling.


Changes: A simplified Makefile.PL, fixes for an action parsing problem with a space appended to the option name and another with quotation marks, and fixes for documentation on the '--restart-time' command-line option.


Changes: The default input file has been changed to be /var/log/messages instead of /var/log/syslog if it exists. The problem of continuing to try to match a pattern after the pattern was matched but was throttled has been fixed. date_loc, time_loc, and extra_cuts options have been added to throttle, and numerous problems with throttling have been fixed. "--daemon" mode has been fixed so that it runs more reliably in the background. The read_config routine has been cleaned up. A parsing problem involving the use of a single TAB as a separator has been fixed. The format of the message displayed when throttling has been changed to include the entire message.


No changes have been submitted for this release.
Recent comments

Keeps dying out in Slackware 7.0
I (try to) run swatch to search for critical conditions on a master log server, such as when a line to a remote location goes down.
Swatch works fine, but it keeps dying on me. I start it as "swatch -t /var/log/router/cisco7200 >/dev/null &" from rc.local, and it runs for about an hour or two before simply ceasing to exist.
Anybody notice anything similar?