[logs] SWATCH configuration

From: swatch swatch (swatch_5at_private)
Date: Thu Jan 02 2003 - 10:57:12 PST

    Hi,
    
    I have configured SWATCH on my syslog server; however, I am not getting any 
    emails sent to me when I purposely type in a wrong password on my ssh 
    client.
    
    Attached is my swatchrc file.  Could my syntax be wrong?  For example, 
    instead of 'mail addresses' should it be 'mail address' or only 'mail'?  
    When I check my log files it tells me there was a failed login attempt; 
    however, no email is sent to me.  Once I created the swatchrc file I ran the 
    command:
    
    /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/syslog &
    
    Perhaps I should be using the command:
    
    /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/messages &
    
    Any thoughts?
    
    It tells me that swatch 3.0.4 has started, although it doesn't immediately 
    go back to the root prompt.  Is this normal?  I have to press enter to get 
    back to a root prompt.  Is that normal?  I see the process running by typing 
    'ps' and then 'ps -eaf'.  When I type 'exit' at the root prompt to exit my 
    ssh session it tells me that it is still connected and doesn't log me out 
    like it normally does; therefore, I force the disconnect by clicking on the 
    X in the top right hand corner.  Then when I log back in and type 'ps' I no 
    longer see the processes of swatch and perl running.  But when I type 'ps 
    -eaf' I see the 2 processes running.  I also tried the commands:
    
    /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/syslog --daemon
    
    and,
    
    nohup /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/syslog &
    
    I did not get returned to a root prompt.  But my nohup.out file tells me 
    that SWATCH was started.
    
    Sorry if this is confusing, I am still very new to Linux.  I am running 
    SWATCH on Red Hat 7.2.  I noticed that the swatchrc file has slightly 
    different syntax for UNIX and Linux.  Perhaps I am spelling something wrong 
    or am missing an = sign?
    
    It may be that the additional perl modules which are needed are not 
    installed properly.  When I type 'rpm -q perl' it comes back with perl 5.6.0, 
    which is fine.  However, I thought I had installed perl 5.8.0, but I must 
    have done something wrong if it tells me that perl 5.6.0 is installed.  This 
    is not a big deal because SWATCH only requires perl 5 or greater.  The 
    reason I mention this is because I thought I also installed the additional 4 
    modules that SWATCH needs.  But I have a hunch they too did not get 
    installed.  Can you tell me where exactly to install them (/usr/bin or 
    /usr/bin/perl5.6.0)?  Or does it matter?  I installed these modules by 
    running make, make test, make install.  Is that correct?  How can I verify 
    that they are installed and the directory which they are installed in?  I 
    believe I did everything correctly on the SWATCH end of things, but I could be 
    wrong.  I have my swatchrc file in /var/log, which should be fine I think.  I 
    also know I put a hidden swatchrc file right under root.  This file is 
    empty.  Does this file also need to be the same as my swatchrc file in 
    /var/log?  Or do I need both of them?  Could that be the problem?
    
    I appreciate any help you can give me.  Thanks!
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
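
The post above asks what the swatch 3.x rule for mailing on a failed ssh login should look like and why nothing fires. As an added example, not part of the original message or of the swatch distribution, the following Python script embeds a small swatchrc in the 3.x syntax as recalled from the swatch manual (a `watchfor /regex/` line followed by indented actions, with `mail addresses=...,subject=...`, addresses separated by colons and `@` escaped as `\@`; check the exact form against `man swatch` on your own install), parses it the way swatch does, and runs it over constructed sshd syslog lines. The log lines, hostnames and addresses are made up for the demonstration. It shows the first-match-wins ordering that makes an `ignore` rule placed before a `watchfor` silence it, which is one reason a correct-looking rule file produces no mail.

```python
import re

# Constructed swatchrc in swatch 3.x syntax (assumption: recalled from the
# swatch 3.x manual, not copied from the poster's file).
SWATCHRC = """\
# Successful logins are not interesting; first matching rule wins.
ignore /Accepted (password|publickey)/
# Mail root on sshd login failures. Addresses are colon separated.
watchfor /Failed password|Invalid user|authentication failure/
        echo
        mail addresses=root\\@localhost,subject=SSH_login_failure
"""

# Constructed sample lines in the style of a Red Hat 7.2 sshd syslog;
# hostnames and addresses are invented.
SAMPLE_LOG = """\
Jan  2 10:41:03 syslog-srv sshd[2214]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jan  2 10:41:09 syslog-srv sshd[2214]: Accepted password for root from 192.0.2.10 port 40122 ssh2
Jan  2 10:42:15 syslog-srv sshd[2231]: Invalid user admin from 198.51.100.7
Jan  2 10:43:00 syslog-srv cron[2240]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_swatchrc(text):
    """Turn swatchrc text into a list of rules in file order.

    Each rule is {'kind': 'watchfor'|'ignore', 'regex': compiled, 'actions': [...]}
    where an action is (name, {option: value}). Lines starting with '#' and
    blank lines are skipped; '=' options inside an action are split on ','.
    """
    rules = []
    current = None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r'^(watchfor|ignore)\s+/(.*)/\s*$', line.strip())
        if m:
            current = {'kind': m.group(1),
                       'regex': re.compile(m.group(2)),
                       'actions': []}
            rules.append(current)
            continue
        if current is None:
            raise ValueError('action line before any watchfor/ignore: %r' % line)
        parts = line.strip().split(None, 1)
        opts = {}
        if len(parts) == 2:
            for kv in parts[1].split(','):
                if '=' in kv:
                    key, val = kv.split('=', 1)
                    # swatch needs the @ escaped in the file; strip the backslash here.
                    opts[key.strip()] = val.strip().replace('\\@', '@')
                else:
                    opts[kv.strip()] = True
        current['actions'].append((parts[0], opts))
    return rules


def run_rules(rules, log_text):
    """Apply the rules to every log line; the first rule whose regex matches
    decides the line (swatch semantics without the 'continue' action).
    Returns the list of actions that would fire, in order."""
    fired = []
    for line in log_text.splitlines():
        for rule in rules:
            if not rule['regex'].search(line):
                continue
            if rule['kind'] == 'watchfor':
                for name, opts in rule['actions']:
                    if name == 'mail':
                        addrs = tuple(opts.get('addresses', 'root').split(':'))
                        fired.append(('mail', addrs, opts.get('subject', ''), line))
                    elif name == 'echo':
                        fired.append(('echo', line))
            break  # ignore or watchfor: stop at the first matching rule
    return fired


if __name__ == '__main__':
    for action in run_rules(parse_swatchrc(SWATCHRC), SAMPLE_LOG):
        print(action)
```

Running it lists two `mail` actions (the failed password and the invalid user) and none for the accepted login or the cron line. When the real swatch does nothing with the same rules, the remaining suspects are the ones the post raises: the `-t` file is not the one sshd writes to (Red Hat 7.2 sends authpriv to /var/log/messages by default, which syslog.conf will confirm), or a missing Perl module, which `perl -MDate::Calc -e 1` and the like will report as "Can't locate".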
    



    This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:49:05 PST