Re: swatch vs. logwatch (vs. syslog-ng? something?)

On Fri, 2007-11-02 at 21:48 -1000, Dave Burns wrote:
> The basic capability I am looking for is a daemon that tails one (or
> more) log files, greps out stuff that is boring, and immediately sends
> me an email about the interesting stuff. Especially stuff that I've
> never seen before and therefore don't have a nice regular expression
> for other than /./. Swatch seems aimed right at this sort of problem.

We use swatch for monitoring about 20 or so (Fedora) PCs and (CentOS)
servers. Swatch will do what you want above, but as you have already
noticed it's not really a complete package. I had to set up config files
for the log files I wanted watched, and then write a startup script to
start swatch watching the log files at boot time. Okay, I only really
had to do this once, several years ago, and we have used the same
scripts since then. (I notice on the SourceForge site that there is
still a feature request for a startup script.)

I don't use the email facility of swatch, but get it (using 'exec') to
run an in-house script which sends a notification to our Big Brother
monitoring system (http://bb4.org/download.html). That way we have a
single web interface to let me know if anything is going wrong with our
systems (BB monitors other things such as disk space, CPU usage,
connectivity, services are running, etc.).

The help public forum on the swatch SourceForge site seems to be
reasonably active, and it's nice to see the swatch author replying there
too. For a while (a few years ago) the program support seemed to fizzle
out, and this may be why you found little about swatch on Google.
However, the author then moved the project to SourceForge, and it seems
to have picked up support since then.

Overall I have had no problems running swatch. Like you, I wanted
something that notified me immediately that something happened, rather
than just being emailed once a day (with logwatch). To me that's a bit
too late to be told that someone has done, or is trying to do, something
to my systems!


John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: John Horne plymouth ac uk       Fax: +44 (0)1752 233839
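
The filtering approach discussed in this thread (drop the boring lines, label the known patterns, and treat whatever is left as interesting), as an added Python example; it is not swatch's code or the poster's in-house script. The log lines, the rule sets and the names `triage` and `fingerprint` are constructed for illustration, and collapsing repeated lines into one alert goes beyond what the thread describes.

```python
import re

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Nov  3 09:00:01 host1 CROND[2211]: (root) CMD (run-parts /etc/cron.hourly)
Nov  3 09:00:07 host1 sshd[2290]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2
Nov  3 09:00:09 host1 sshd[2291]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Nov  3 09:01:15 host1 sshd[2302]: Accepted publickey for jdoe from 198.51.100.7 port 51514 ssh2
Nov  3 09:02:30 host1 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory #2 offset 0
""".splitlines()

# Hypothetical rule sets. Boring lines are dropped first; known-interesting
# lines get a label; everything else falls through to "unclassified".
IGNORE = [re.compile(p) for p in (
    r"CROND\[\d+\]: \(root\) CMD",
    r"sshd\[\d+\]: Accepted publickey for jdoe ",
)]
WATCH = [("ssh-auth-failure", re.compile(r"sshd\[\d+\]: Failed password"))]

# Classic syslog prefix: "Mon dd hh:mm:ss host message"
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) (.*)$")

def fingerprint(line):
    """Host plus message with every number masked, so repeats collapse."""
    m = HEADER.match(line)
    host, msg = (m.group(1), m.group(2)) if m else ("?", line)
    return host + " " + re.sub(r"\d+", "N", msg)

def triage(lines, ignore=IGNORE, watch=WATCH):
    """Return [(label, first_line, count)], one per fingerprint, first-seen order."""
    alerts = {}
    for line in lines:
        if not line.strip() or any(p.search(line) for p in ignore):
            continue  # boring: never reaches the operator
        label = next((name for name, p in watch if p.search(line)), "unclassified")
        key = fingerprint(line)
        if key in alerts:
            alerts[key][2] += 1  # repeat of an alert already raised
        else:
            alerts[key] = [label, line, 1]
    return [tuple(a) for a in alerts.values()]

if __name__ == "__main__":
    for label, line, count in triage(SAMPLE_LOG):
        print(f"[{label}] x{count} {line}")
```

The "unclassified" bucket is the catch-all that surfaces lines no existing pattern covers, which is the case the original question cared most about.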

