The Swatch Configuration File
The Swatch configuration file is where all the important settings are. In this file, called swatchrc by default, you tell the program what to look for in the log files and what to do when it shows up. Two sample swatchrc files are included with the program in the examples directory. The swatchrc.personal file is for use on a personal workstation, and swatchrc.monitor is for server monitoring. Listing 8.2 shows what the monitor version looks like.
Listing 8.2. The swatchrc Monitor Configuration File
```
#
# Swatch configuration file for constant monitoring
#

# Bad login attempts
watchfor /INVALID|REPEATED|INCOMPLETE/
        echo
        bell 3
        exec "/usr/local/sbin/badloginfinger $0"

# Machine room temperature
watchfor /WizMON/
        echo inverse
        bell

# System crashes and halts
watchfor /(panic|halt)/
        echo
        bell
        mail
        exec "call_pager 3667615 0911"

# System reboots
watchfor /SunOS Release/
        echo
        bell
        mail
        exec "call_pager 3667615 0411"
```
As you can see in Listing 8.2, the basic format is a watchfor statement followed by a search pattern enclosed in slashes (a regular expression, so alternatives can be separated with |), and then one or more action statements. The pattern between the slashes is what Swatch looks for when it examines (tails) the log file. If a log line matches the pattern, Swatch carries out the actions listed below the watchfor statement. Table 8.3 lists and describes the action statements Swatch supports.
Table 8.3. Swatch Action Statements

| Action Statement | Description |
|---|---|
| echo mode | Echoes the matching log line to the screen. The word mode is optional and indicates the color in which it is to be displayed. The default is your normal screen text color, but you can also use the following modes: blink, bold, underline, inverse, green, blue, red, yellow, black, magenta, cyan, white, or any of these choices followed by _h to use the highlighted colored version, for example black_h. |
| bell number | Rings the PC internal speaker the number of times indicated by number. The default if no number is given is 1. |
| exec command | Executes the given command line. You can use this to call any other program or script to do various things, for example, to send an SMB pop-up message to a particular workstation. This functionality greatly expands the things that Swatch can do. You can even configure this to call a script that takes further action conditionally, based on what was found in the log file. |
| pipe command | Passes the matching log line to another process through a pipe. |
| mail addresses=address1:address2:address3,subject=text | Sends an e-mail using the Sendmail program to a single e-mail address or to multiple addresses separated by colons. Text appears as the subject line of the e-mail message. The alert text appears in the body of the e-mail. |
| write user1:user2 | Sends the alert via the UNIX write command to a single user or a group of users. |
| throttle hours:minutes:seconds | Limits how many times the alert is sent during a period of time for one watchfor statement. This keeps you from getting dozens of messages if a text string appears multiple times in the log file within the set time window. |
As you can see, Swatch can notify you of flagged log events in several different ways. The easiest is to just have it beep or echo on the screen. If you are not around the server all the time, then you can have it e-mail you. If your pager or cell phone supports text messaging via e-mail, you could have it send the message directly to you. You can also write a script to have the server dial a pager number using the UNIX tip command.
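As an added example that is not one of the sample files shipped with Swatch, the stanza below combines the statements from Table 8.3 into a server-monitoring rule for failed SSH logins; the sshd message text, the e-mail addresses and the script path are assumptions chosen for illustration:

```text
#
# Failed SSH logins (message text as logged by OpenSSH; assumed here).
# echo and bell alert anyone at the console, mail goes to two addresses
# separated by a colon, throttle allows at most one alert from this
# stanza every 10 minutes so a burst of failures does not flood the
# mailbox, and exec hands the whole matching line ($0) to a script
# (hypothetical path) that can take further action.
#
watchfor /sshd.*Failed password/
        echo red
        bell 2
        mail addresses=oncall@example.com:secops@example.com,subject=swatch-ssh-alert
        throttle 00:10:00
        exec "/usr/local/sbin/log_failed_login $0"
```

The throttle keeps the alert volume manageable during a burst; the log file itself still records every failure for later review.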