Re: [logs] swatchrc file

• Previous message: Eric Fitzgerald: "[logs] RE: NT Event Log and Web Server Attacks"
• In reply to: swatch swatch: "Re: [logs] swatchrc file"
• Next in thread: Nate Campi: "Re: [logs] swatchrc file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 17, 2003 at 06:49:28PM +0000, swatch swatch wrote:
> I now face another challenge with swatch.
> 
> 1. I want swatch to start automatically should the server be rebooted for 
> some reason.  This is the command i use to start swatch manually:
> 
> # /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/messages --daemon
> 
> Where would i put this command so that it starts swatch automatically.  Do 
> i have to create a shell script or something?  If so, what is the proper 
> syntax?

Just put it in one of the startup scripts on your machine.
/etc/rc.local is a popular location.  Or you could write your own rc
script and put it whereever is appropriate for your OS.  Take a look at
the existing scripts, you should be able to just copy and paste most of
it.  In solaris, look at /etc/init.d/ and /etc/rc?.d/.  In hpux, look at
/sbin/init.d and /sbin/rc?.d/.  In lunix, it depends on the
distribution, but it's usually something like /etc/init.d/ and
/etc/rc?.d/ OR /etc/rc.d/init.d and /etc/rc.d/rc?.d/ .

> 2. I have setup one swatchrc file but i have 7 instances of swatch running 
> to look in separate log files (based on how i have syslog.conf setup in 
> redhat 7.2).  This includes 3 facilities I created (local0 through local2).
> 
> What i want to do is setup 7 swatchrc files.  One swatchrc file for every 
> logfile.  Is this possible?  If so, do i just name my swatchrc files 
> swatchrc1 through swatchrc7 and configure each one to look for specific 
> information depending on what logfile it is pointed at?  For example, if i 
> have swatchrc1 setup to look in /var/log/kernel and swatchrc2 to look in 
> /var/log/messages would these be my startup scripts (remember i want to put 
> these scripts somewhere where they will start automatically should the 
> server be rebooted).
> 
> # /usr/local/bin/swatch -c /var/log/swatchrc1 -t /var/log/kernel --daemon
> 
> # /usr/local/bin/swatch -c /var/log/swatchrc2 -t /var/log/messages --daemon

yeah, that should work just fine, though I'd put the swatchrcs in a
different directory to keep the config seperate from the data.  I would
also name the swatchrc files after the log file for clarity.  For
example:

/var/swatchrc/kernel is swatchrc for /var/log/kernel
/var/swatchrc/daemon is swatchrc for /var/log/daemon
...
/var/swatchrc/local0 is swatchrc for /var/log/local0
...

-- 
Ed Schmollinger - schmolliat_private

• application/pgp-signature attachment: stored

• Next message: H C: "RE: [logs] RE: NT Event Log and Web Server Attacks"
• Previous message: Eric Fitzgerald: "[logs] RE: NT Event Log and Web Server Attacks"
• In reply to: swatch swatch: "Re: [logs] swatchrc file"
• Next in thread: Nate Campi: "Re: [logs] swatchrc file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 18 2003 - 21:46:28 PST