Re: [logs] swatchrc file

From: Harry Hoffman (hhoffman@ip-solutions.net)
Date: Fri Jan 03 2003 - 13:51:27 PST


    I'm running swatch thru syslog-ng and I use both addresses to alert myself and
    the operations staff to any potential problems with the servers. If you're
    running swatch directly you may need to double backslash all @'s (\\@)
    
    HTH,
    Harry
    
    
    Quoting swatch swatch <swatch_5at_private>:
    
    *> Hi,
    *> 
    *> This is how my mail field looks:
    *> 
    *> # Bad login attempts
    *>        watchfor /failed/
    *>                 echo
    *>                 exec echo $0 | mail meat_private
    *>                 exec echo $0 | mail -s\"Authentication Failure\"
    *>         operators\\@mycompany.com
    *> 
    *> And here is the output I get when I run the command:
    *> 
    *> # /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/messages
    *> Can't find string terminator '"' anywhere before EOF at
    *> /root/.swatch_script.24287 line 477.
    *> 
    *> Therefore, SWATCH and perl do not start.
    *> 
    *> I try and open .swatch_script.24287 with vi and it is an empty file (why
    *> does it say the error is on line 477)?
    *> 
    *> It doesn’t seem to be a perl issue but when I type ‘perl -V’ it tells me
    *> version 5.8.0 is installed and when I type ‘rpm -q perl’ it says perl 5.6.0
    *> (the redhat 7.2 default).  Any thoughts?  Are you sure the syntax is correct
    *> with the above mail field?  Are the quotes in the right spots?  What exactly
    *> does ‘operators\\@mycompany.com’ do?
    *> 
    *> Thanks.
    *> 
    *> 
    *> >From: Harry Hoffman <hhoffman@ip-solutions.net>
    *> >To: loganalysisat_private
    *> >Subject: Re: [logs] swatchrc file
    *> >Date: Fri,  3 Jan 2003 10:05:49 +1300
    *> >
    *> >Hi,
    *> >   We're running swatch on linux as well. Here is how our mail fields look:
    *> >watchfor   /Too many open files in system/
    *> >         echo
    *> >         exec echo $0 | mail hhoffmanat_private
    *> >         exec echo $0 | mail -s\"Out of files on Server, please reboot\"
    *> >operators\\@auckland.ac.nz
    *> >         throttle 30:00
    *> >
    *> >HTH,
    *> >Harry
    *> >
    *> >
    *> >Quoting swatch swatch <swatch_5at_private>:
    *> >
    *> >*> #swatchrc file in /var/log
    *> >*>
    *> >*>
    *> >*> # Bad login attempts
    *> >*> watchfor        /failed/
    *> >*>                 echo bold
    *> >*>                 mail addresses=meat_private,subject=Failed
    *> >*> Authentication
    *> >*>
    *> >*> #Sniffing Attempts
    *> >*> watchfor        /promiscuous/
    *> >*>                 echo bold
    *> >*>                 mail addresses=meat_private,subject=Someone is
    *> >sniffing
    *> >*> syslog server
    *> >*>
    *> >*> # Kernel problems or system reboots
    *> >*> watchfor        /panic|halt/
    *> >*>                 echo bold
    *> >*>                 mail addresses=meat_private,subject=System Reboot
    *> >*>
    *> >*>
    *> >*>
    *> >*>
    *> >*>
    *> >*>
    *> >*> _______________________________________________
    *> >*> LogAnalysis mailing list
    *> >*> LogAnalysisat_private
    *> >*> http://lists.shmoo.com/mailman/listinfo/loganalysis
    *> >*>
    *> >
    *> >
    *> >--
    *> >Harry Hoffman
    *> >ITSS Systems Team Leader
    *> >University of Auckland
    *> >hhoffmanat_private
    *> >hhoffman@ip-solutions.net
    *> >STANDARD DISCLAIMER:
    *> >**********************************************
    *> >*This universe shipped by weight, not volume.*
    *> >*Some expansion may have occurred in shipping.*
    *> >*********************************************
    *> >
    *> >
    *> >-------------------------------------------------
    *> >This mail sent through IMP: http://horde.org/imp/
    *> 
    *> 
    *> 
    
    
    -- 
    Harry Hoffman
    ITSS Systems Team Leader
    University of Auckland
    hhoffmanat_private
    hhoffman@ip-solutions.net
    



    This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:48:55 PST