Re: swatch autostart - was: [logs] swatchrc file

From: Sharif Nassar (sharifat_private)
Date: Wed Mar 05 2003 - 13:42:03 PST


    Well, it's been almost 2 months since you've posted this query, but I've 
    finally caught up my loganalysis reading.
    
    I use the redhat 7.x (and probably 8.x as well) compatible swatch.init 
    that is attached.   put it in /etc/rc.d/init.d and then 'chkconfig --add 
    swatch.init'. 
    
    It starts swatch in a screen ('man screen' for fun details) when the 
    system boots, using the also attached screenrc which lives in 
    /root/.screenrc-swatch on my box.
    
    fun for the whole family. change as desired, distribute at will and with 
    extreme prejudice.
    
    -sharif
    
    On Fri, 17 Jan 2003, swatch swatch wrote:
    
    > I now face another challenge with swatch.
    > 
    > 1. I want swatch to start automatically should the server be rebooted for 
    > some reason.  This is the command i use to start swatch manually:
    > 
    > # /usr/local/bin/swatch -c /var/log/swatchrc -t /var/log/messages --daemon
    > 
    > Where would i put this command so that it starts swatch automatically.  Do i 
    > have to create a shell script or something?  If so, what is the proper 
    > syntax?
    > 
    > 2. I have setup one swatchrc file but i have 7 instances of swatch running 
    > to look in separate log files (based on how i have syslog.conf setup in 
    > redhat 7.2).  This includes 3 facilities I created (local0 through local2).
    > 
    > What i want to do is setup 7 swatchrc files.  One swatchrc file for every 
    > logfile.  Is this possible?  If so, do i just name my swatchrc files 
    > swatchrc1 through swatchrc7 and configure each one to look for specific 
    > information depending on what logfile it is pointed at?  For example, if i 
    > have swatchrc1 setup to look in /var/log/kernel and swatchrc2 to look in 
    > /var/log/messages would these be my startup scripts (remember i want to put 
    > these scripts somewhere where they will start automatically should the 
    > server be rebooted).
    > 
    > # /usr/local/bin/swatch -c /var/log/swatchrc1 -t /var/log/kernel --daemon
    > 
    > # /usr/local/bin/swatch -c /var/log/swatchrc2 -t /var/log/messages --daemon
    > 
    > All help is appreciated.  Thanks!
    > 
    > _______________________________________________
    > LogAnalysis mailing list
    > LogAnalysisat_private
    > http://lists.shmoo.com/mailman/listinfo/loganalysis
    > 
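
An added example, not the swatch.init attached to the original mail: a chkconfig-style init script that starts one swatch per swatchrc/logfile pair, as asked in the quoted question, and skips any swatchrc that is missing or writable by group/other. It uses the `--daemon` form from the question rather than screen; the pair table, `PIDDIR`, the function names and the use of swatch's `--pid-file` option are assumptions.

```shell
#!/bin/sh
# chkconfig: 2345 99 01
# description: one swatch instance per swatchrc/logfile pair
# Added example, not the swatch.init attached to the original mail.
SWATCH=/usr/local/bin/swatch   # path used in the quoted question
PIDDIR=/var/run                # assumed location for pid files
# "<swatchrc> <logfile>" per line; names taken from the quoted question.
PAIRS="/var/log/swatchrc1 /var/log/kernel
/var/log/swatchrc2 /var/log/messages"

# A swatchrc can make swatch run commands (its exec action), and an
# instance started at boot runs as root, so reject a file that is missing
# or that group/other can write to.
rc_is_safe() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Print the pairs that pass the check; warn on stderr about the rest.
safe_pairs() {
    printf '%s\n' "$PAIRS" | while read -r rc log; do
        if rc_is_safe "$rc"; then
            printf '%s %s\n' "$rc" "$log"
        else
            echo "swatch: skipping $rc (missing or group/world-writable)" >&2
        fi
    done
}

case "${1:-}" in
    start)
        safe_pairs | while read -r rc log; do
            # --pid-file is assumed to be supported by the installed swatch.
            "$SWATCH" -c "$rc" -t "$log" --daemon \
                --pid-file="$PIDDIR/swatch.$(basename "$rc").pid"
        done ;;
    stop)
        for f in "$PIDDIR"/swatch.*.pid; do
            [ -f "$f" ] && kill "$(cat "$f")" 2>/dev/null
            rm -f "$f"
        done ;;
    "") ;;   # no argument: sourced for its functions, nothing to do
    *)  echo "Usage: $0 {start|stop}" >&2 ;;
esac
```

Saved under a name of your choosing in /etc/rc.d/init.d, it is registered with `chkconfig --add` in the same way as the script described in the message.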
    
    
    





    This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 06:44:46 PST