Re: [logs] swatchrc file

• Previous message: marc: "Re: [logs] Syslog payload format"
• In reply to: swatch swatch: "Re: [logs] swatchrc file"
• Next in thread: Ed Schmollinger: "Re: [logs] swatchrc file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm running swatch thru syslog-ng and I use both addresses to alert myself and
the operations staff to any potential problems with the servers. If you're
running swatch directly you may need to double blackslash all @'s (\\@)

HTH,
Harry


Quoting swatch swatch <swatch_5at_private>:

*> Hi,
*> 
*> This is how my mail field looks:
*> 
*> # Bad login attempts
*>        watchfor /failed/
*>                 echo
*>                 exec echo $0 | mail meat_private
*>                 exec echo $0 | mail -s\"Authentication Failure\"
*>         operators\\@mycompany.com
*> 
*> And here is the output I get when I run the command:
*> 
*> # /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/messages
*> Can't find string terminator '"' anywhere before EOF at
*> /root/.swatch_script.24287 line 477.
*> 
*> Therefore, SWATCH and perl do not start.
*> 
*> I try and open .swatch_script.24287 with vi and it is an empty file (why
*> does it say the error is on line 477)?
*> 
*> It doesn’t seem to be a perl issue but when I type ‘perl –V’ it tells me
*> version 5.8.0 is installed and when I type ‘rpm –q perl’ it says perl 5.6.0
*> (the redhat 7.2 default).  Any thoughts?  Are you sure the syntax is correct
*> with the above mail field?  Are the quotes in the right spots?  What exactly
*> does ‘operators\\@mycompany.com’ do?
*> 
*> Thanks.
*> 
*> 
*> >From: Harry Hoffman <hhoffman@ip-solutions.net>
*> >To: loganalysisat_private
*> >Subject: Re: [logs] swatchrc file
*> >Date: Fri,  3 Jan 2003 10:05:49 +1300
*> >
*> >Hi,
*> >   We're running swatch on linux as well. Here is how our mail fields look:
*> >watchfor   /Too many open files in system/
*> >         echo
*> >         exec echo $0 | mail hhoffmanat_private
*> >         exec echo $0 | mail -s\"Out of files on Server, please reboot\"
*> >operators\\@auckland.ac.nz
*> >         throttle 30:00
*> >
*> >HTH,
*> >Harry
*> >
*> >
*> >Quoting swatch swatch <swatch_5at_private>:
*> >
*> >*> #swatchrc file in /var/log
*> >*>
*> >*>
*> >*> # Bad login attempts
*> >*> watchfor        /failed/
*> >*>                 echo bold
*> >*>                 mail addresses=meat_private,subject=Failed
*> >*> Authentication
*> >*>
*> >*> #Sniffing Attempts
*> >*> watchfor        /promiscuous/
*> >*>                 echo bold
*> >*>                 mail addresses=meat_private,subject=Someone is
*> >sniffing
*> >*> syslog server
*> >*>
*> >*> # Kernel problems or system reboots
*> >*> watchfor        /panic|halt/
*> >*>                 echo bold
*> >*>                 mail addresses=meat_private,subject=System Reboot
*> >*>
*> >*>
*> >*>
*> >*>
*> >*>
*> >*>
*> >*> _________________________________________________________________
*> >*> MSN 8 with e-mail virus protection service: 2 months FREE*
*> >*> http://join.msn.com/?page=features/virus
*> >*>
*> >*> _______________________________________________
*> >*> LogAnalysis mailing list
*> >*> LogAnalysisat_private
*> >*> http://lists.shmoo.com/mailman/listinfo/loganalysis
*> >*>
*> >
*> >
*> >--
*> >Harry Hoffman
*> >ITSS Systems Team Leader
*> >University of Auckland
*> >hhoffmanat_private
*> >hhoffman@ip-solutions.net
*> >STANDARD DISCLAIMER:
*> >**********************************************
*> >*This universe shipped by weight, not volume.*
*> >*Some expansion may have occured in shipping.*
*> >*********************************************
*> >
*> >
*> >-------------------------------------------------
*> >This mail sent through IMP: http://horde.org/imp/
*> >_______________________________________________
*> >LogAnalysis mailing list
*> >LogAnalysisat_private
*> >http://lists.shmoo.com/mailman/listinfo/loganalysis
*> 
*> 
*> _________________________________________________________________
*> Help STOP SPAM: Try the new MSN 8 and get 2 months FREE*
*> http://join.msn.com/?page=features/junkmail
*> 
*> _______________________________________________
*> LogAnalysis mailing list
*> LogAnalysisat_private
*> http://lists.shmoo.com/mailman/listinfo/loganalysis
*> 


-- 
Harry Hoffman
ITSS Systems Team Leader
University of Auckland
hhoffmanat_private
hhoffman@ip-solutions.net
STANDARD DISCLAIMER:
**********************************************
*This universe shipped by weight, not volume.*
*Some expansion may have occured in shipping.*
*********************************************


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Rainer Gerhards: "RE: [logs] Syslog over TCP (Was: Re: Syslog payload format)"
• Previous message: marc: "Re: [logs] Syslog payload format"
• In reply to: swatch swatch: "Re: [logs] swatchrc file"
• Next in thread: Ed Schmollinger: "Re: [logs] swatchrc file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:48:55 PST