Re: [logs] Realtime log checking with special features : any software ?

From: Nate Campi (nateat_private)
Date: Thu Dec 20 2001 - 09:36:01 PST


    On Thu, Dec 20, 2001 at 05:34:36PM +0100, Gildas PERROT wrote:
    > 
    > The special features are :
    > 
    > - executing a command when pattern is found
    > - limiting the number of times that the matched pattern has actions
    > performed on it (throttle)
    > - examining lines of text as they are added to logfile (tail mode)
    > 
    > I already tried swatch 3.0.4 (http://www.oit.ucsb.edu/~eta/swatch/) which is
    > supposed to do that but I had some problems with it :
    > 
    > 1) I noticed that with --tail-file mode, execution of a command doesn't
    > occur as soon as pattern appears in logfile (there is a delay of nearly one
    > minute)
    > 
    > 2) throttle values are not accepted.
    
    Throttling was broken in a recent release of swatch, and supposedly
    fixed - but it still doesn't work for me. I wrote my own script to do
    the throttling (since it's such a small part of what swatch does, I
    didn't want to ditch it just because of the one broken feature). I put
    my script up on my logging page at
    http://www.campin.net/newlogcheck.html - in the swatch section.
    
    If you don't need all the bells and whistles of swatch, you could
    implement your own very simple implementation of a real-time log checker
    rather quickly in perl. Of course this isn't such a good idea, since
    it'll likely keep growing in size and complexity as you need more out of
    it, and you'll eventually end up with swatch all over again.
    
    People have spoken well about logsurfer, but I have no experience with
    it.
    -- 
    Nate Campi | Terra Lycos DNS | SF UNIX Operations | (415) 276-8678
    
    "MS-DOS isn't dead, it just smells that way."    - Henry Spencer 
    
    
    



    This archive was generated by hypermail 2b30 : Thu Dec 20 2001 - 09:52:44 PST
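
Added example, not part of the original message and not Nate Campi's script: a minimal sketch, in Python rather than the Perl the post mentions, of the three features asked about in the thread (tail mode, running a command on a match, and throttling). The rule name, regex, the `cat` placeholder command and the sample log lines are constructed for illustration.

```python
import re
import subprocess
import time

class Throttle:
    """Allow one action per key every `window` seconds and count what was suppressed."""
    def __init__(self, window):
        self.window, self.last, self.dropped = window, {}, {}
    def allow(self, key, now):
        if key in self.last and now - self.last[key] < self.window:
            self.dropped[key] = self.dropped.get(key, 0) + 1
            return False, 0
        self.last[key] = now
        return True, self.dropped.pop(key, 0)

def follow(path, poll=0.5):
    """Tail mode: start at end of file and yield each complete line as it is appended."""
    with open(path, errors="replace") as fh:
        fh.seek(0, 2)
        buf = ""
        while True:
            buf += fh.readline()
            if buf.endswith("\n"):
                yield buf.rstrip("\n")
                buf = ""
            else:
                time.sleep(poll)  # nothing new, or only a partial line so far

def check(lines, rules, throttle, clock=time.time, run=subprocess.run):
    """rules: (name, compiled regex, argv). Returns the (key, suppressed, line) that fired."""
    fired = []
    for line in lines:
        for name, pattern, argv in rules:
            m = pattern.search(line)
            if not m:
                continue
            key = (name,) + m.groups()  # throttle per rule and captured fields
            ok, suppressed = throttle.allow(key, clock())
            if ok:
                # Log text is untrusted: argv list with no shell, line passed on stdin.
                run(argv, input=line + "\n", text=True, check=False)
                fired.append((key, suppressed, line))
    return fired

# Constructed sample rule and log lines (not from the original post); "cat" is a placeholder.
RULES = [("ssh-fail", re.compile(r"Failed password for (\S+)"), ["cat"])]
SAMPLE = ["sshd[101]: Failed password for root", "sshd[102]: Failed password for root",
          "sshd[103]: Failed password for admin"]
if __name__ == "__main__":
    print(check(SAMPLE, RULES, Throttle(60)))
```

To watch a live file, pass `follow(path)` as `lines`; this sketch does not reopen the file after log rotation.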