On Fri, 2007-11-02 at 21:48 -1000, Dave Burns wrote: > > The basic capability I am looking for is a daemon that tails one (or > more) log files, greps out stuff that is boring, and immediately sends > me an email about the interesting stuff. Especially stuff that I've > never seen before and therefore don't have a nice regular expression > for other than /./. Swatch seems aimed right at this sort of problem. > Hi, We use swatch for monitoring about 20 or so (Fedora) PC's and (CentOS) servers. Swatch will do what you want above, but as you have already noticed it's not really a complete package. I had to set up config files for the log files I wanted watched, and then write a startup script to start swatch watching the log files at boot time. Okay, I only really had to do this once, several years ago, and we have used the same scripts since then. (I notice on the SourceForge site that there is still a feature request for a startup script.) I don't use the email facility of swatch, but get it (using 'exec') to run an in-house script which sends a notification to our Big Brother monitoring system (http://bb4.org/download.html). That way we have a single web interface to let me know if anything is going wrong with our systems (BB monitors other things such as disk space, cpu usage, connectivity, services are running etc, etc). The help public forum on the swatch sourceforge site seems to be reasonably active, and it's nice to see the swatch author replying there too. For a while (a few years ago) the program support seemed to fizzle out, and this may be why you found little about swatch on google. However, the author then moved the project to SourceForge, and it seems to have picked up support since then. Overall I have had no problems running swatch. Like you I wanted something that notified me immediately that something happened, rather than just being emailed once a day (with logwatch). To me that's a bit too late to be told that someone has done, or is trying to do something, to my systems! John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: John.Horne@xxxxxxxxxxxxxx Fax: +44 (0)1752 233839
