documentation:swatch

Differences

This shows you the differences between two versions of the page.

documentation:swatch [2010/02/18 18:38]
triley2
documentation:swatch [2010/02/18 18:46] (current)
triley2
Line 1: Line 1:
 +=====SWATCH=====
 +swatch is a configurable log file monitor.
 +====start====
 +<cli>
 +touch .swatchrc
 +</​cli>​
 +
 +this will create the needed default config file that swatch looks for. you can specify any file to be the config file as a command line argument.  ​
 +
 +<cli>
 +swatch ​
 +</​cli>​
 +
 +this will run swatch with all the default .swatchrc file and will monitor /​var/​log/​messages ​
 +
 +<cli>
 +swatch --config-file=.swatchrc --tail-file=/​var/​log/​messages
 +</​cli>​
 +
 +this is the same as running the defaults but as you can change the path of either to specify what and how you want to monitor. relitive links may or may not work i would not work for me. I edited my .bashrc file and included an alias for swatch so that I didn't have to type all that out every time.
 +
 +====configuration file====
 +this is the only config file you need it will be populated by regular expressions on the types of files you want to watch for or monitor. note that you can have more than one configuration file you just have to specify witch one you want to use at run time.
 +<​code>​
 +
 +# .swatchrc
 +# to run type swatch on command line
 +#
 +
 +watchfor <​regexp>​
 +      echo
 +</​code>​
 +this code example tells swatch to watch for a certain pattern and echo the entry to the console if it happens.
 +  *echo - this echos the message to the console
 +    *normal, clear, reset, bold, underline, underscore, blink, reverse, concealed ​
 +    *black, red, green, yellow, blue, magenta, cyan, white 
 +    *on_black, on_red, on_green, on_yellow, on_blue, on_magenta, on_cyan, and on_white. ​
 +    *The on_ colors specify a highlighting color.
 +  *exec - this will execute what ever shell command that follows
 +  *ignore - this will ignore anything with the regular expression in it
 +  *mail - this will email any number of people with an given subject ​
 +    *addresses=address:​address
 +    *,​subject=text_goes_here
 +    *,info: text goes here
 +  *throttle - used to limit a message from printing multiple times
 +  *pipe - used to transfer the log to another command (ie: cut, cat)
 +  *watchfor - used to watch for the specific log files and actions follow ​
 +  *continue - will go though the rest of the swatch file with the log 
 +  *quit - will quit swatch
 +  *write - will use write command to write the given log to a user
 +    *user:​user:​...
 +  *threshold - 
 +<​code>​
 +#
 +# simple .swatchrc
 +# "​swatch"​ to run
 +#
 +ignore /​--MARK--/ ​        #​ignores anything with --MARK-- in it
 +
 +watchfor /sudo/
 +      echo = red          #echos out in the color red
 +watchfor /deamon/
 +      echo = blue         #​echos out in the color blue
 +      ​
 +# end
 +</​code>​
 +
 +this is simple config file i was using for testing just substituting different values to watch for. i don't have very many log files on my laptop to monitor for so making it more complex at this time is kinda hard. i have to talk to Matt to see if i can get permissions to view the lab46 logs. 
 +<​code>​
 +#
 +# sample test code for .swatchrc
 +#
 +# to run "​swatch --config-file=.swatchrc --tail-file=/​var/​log/​remote_log
 +#
 +ignore /-- MARK --/
 +
 +watchfor /​authentication failure/
 +      echo = red
 +      ​
 +watchfor /​(node|nfs)/ ​                                           #search for node or nfs
 +      echo
 +      pipe = cut -d ":"​ -f 1
 +      ​
 +watchfor /session opened for user $USER/ ​                        # replace $USER with your specified user 
 +      echo = red
 +      mail = $USER@offbyone.lan,​ subject=logon ​       ​
 +
 +watchfor /.*/
 +      echo                                                       # clean up - everything else 
 +
 +# end 
 +</​code>​
 +be careful swatch is a top down driven. so if your first line says to ignore a whole log and your fifth says to email you your never going to get that email. see "​continue"​ above to avoid this.
 +
 +
  
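Review bot: In the "simple .swatchrc" block, the pattern in "watchfor /deamon/" is misspelled, so that rule never matches daemon entries; it should read "watchfor /daemon/". The same block has "ignore /--MARK--/" while the later sample has "ignore /-- MARK --/"; only one spelling can match the mark lines of a given log, so both samples should use the same one. In the keyword list, "threshold -" has no description, and "watchfor" is described as watching for "log files" although both samples give it a regular expression. The closing warning about top-down matching points the reader to "continue", but neither sample uses it; adding "continue" to one rule ahead of the "watchfor /.*/" catch-all would show the behaviour it describes. The "exec" and "pipe" entries should state what input the command receives, because log lines such as the "authentication failure" entries can carry strings chosen by a remote party, and that text should not reach a shell command unquoted. The run comment at the top of the second sample is missing its closing quote.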
documentation/swatch.txt · Last modified: 2010/02/18 18:46 by triley2