Using Swatch for Automated Log Monitoring
Okay, you’ve painstakingly configured, tested, and fine-tuned your system logger to sort system messages by type and importance and then log them both to their respective files and to a central log server. You’ve also configured a log-rotation scheme that keeps as much old log data around as you think you’ll need.
But who’s got the time to actually read all those log messages?
swatch (the “Simple WATCHer”) does. swatch, a free log-monitoring utility written 100% in Perl, monitors logs as they’re being written and takes action when it finds something you’ve told it to look out for. Swatch does for logs what tripwire does for system-file integrity.
Installing Swatch
There are two ways to install swatch. First, of course, is via whatever binary package of swatch your Linux distribution of choice provides. (I use the term loosely here; “executable package” is more precise.) The current version of Mandrake has an RPM package of swatch, but none of the other most popular distributions (i.e., Red Hat, SuSE, Slackware, or Debian) appear to. This is just as well, though, since the second way to install swatch is quite interesting.
swatch’s source distribution, available from http://www.stanford.edu/~atkins/swatch, includes a sophisticated script called Makefile.PL that automatically checks for all necessary Perl modules (see “Should We Let Perl Download and Install Its Own Modules?” later in this chapter) and uses Perl 5’s CPAN functionality to download ...