any one use swatch before, how 2 attach interested line of log in the notification email ?
jim martin
postfix168 at yahoo.com
Thu Sep 7 08:28:17 UTC 2006
Anyway use swatch before http://swatch.sourceforge.net/, it is a simple watcher for logfile
I configured the following swatchrc1 file to search for authentication failure in the log
file
The content of the swatchrc1 file are below
[root at watcher2 log]# cat /var/log/swatchrc1
#Authentication Failure
watchfor /more authentication failures/
exec echo $0 | mail -s "Authentication Failure" david at abc.com
and I have it run as /usr/bin/swatch -c /var/log/swatchrc1 -t /var/log/messages --daemon
so that it will notify me via email when it got the authentication messages in the log file as
follows for example
Sep 7 02:40:10 inabc.abc.com sshd(pam_unix)[31953]: 2 more authentication failures; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost=10.10.12.30 user=david
However, in the notification email, I only got the email sent by root at localhost.localdomain with
the subject of "Authentication Failure" and content as "/usr/bin/swatch -c /var/log/swatchrc1 -t
/var/log/messages --daemon"
I can't know the authentication failure detail from the email at all, like which account and login
from where and etc.
Is there a way to include in the notification email for the line of log file that it detects for
example " Sep 7 02:40:10 inabc.abc.com sshd(pam_unix)[31953]: 2 more authentication failures;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=10.10.12.30 user=david"
May I know where is the documentation for the swatchrc config ?? I want to customise it.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-list
mailing list