Simple and efficient: Use Swatch for Linux Log Analysis


Log files are an important reference for finding system problems. Most system services send messages to syslogd (the system log daemon) when something goes wrong, and the administrator then detects the problem and acts on the error message. For log files of more than 1000 lines, however, a log-checking tool is needed to save time and avoid missing important information.

Swatch can be understood literally as a watcher (a guardian). Other log analysis software scans log files periodically and reports system problems or status to you. Swatch can do this too, but it can also monitor log files actively and respond to specific log messages as they arrive, working alongside the syslogd daemon in real time.

I. Preparations

1. Download and decompress the latest Swatch software package. It is recommended to obtain a trustworthy copy from the official Swatch project site.

Download URL: http://sourceforge.net/projects/swatch/

1) Create a directory for storing the Swatch source package.

# mkdir -p /usr/local/src/log

2) Decompress the source package; a new directory named swatch-3.1.1 will be created under the log directory.

# tar zpxf swatch-3.1.1.tar.gz

II. Installation

# cd swatch-3.1.1
# perl Makefile.PL
# make
# make test
# make install
# make realclean

Swatch is written in Perl; after it has been installed successfully, the Perl interpreter and the Perl modules Swatch depends on are what actually run the program.

III. Configuration

Swatch uses regular expressions to find the log lines of interest. As soon as a line matches a configured pattern, Swatch takes the configured action immediately, such as printing to the screen, sending email, or running a command.

ignore /sendmail|fax|unimportant stuff/
watchfor /[dD]enied|DEN.*ED/
    echo bold
    bell 3
    mail
    exec "/etc/call_pager 5551234 08"

The above is an example of a Swatch configuration file. The watchfor line makes Swatch search the log file for lines containing "denied", "Denied", or text that starts with DEN and ends with ED (for example DENIED). As soon as a line matches, Swatch prints it to the terminal in bold, rings the bell three times, mails the line to the user running Swatch (usually root), and executes the /etc/call_pager program (a paging script used here only as an illustration). The ignore line tells Swatch to discard lines containing sendmail, fax or unimportant stuff; because Swatch applies the first rule that matches, such lines are skipped even if they would also match the watchfor pattern.
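To make the ignore/watchfor ordering concrete, here is a small added Python re-implementation of Swatch's matching semantics (it is not Swatch's own code): it parses a configuration in the format shown above and runs it over constructed log lines, reporting which lines would fire which actions. The /etc/call_pager path is the page's hypothetical paging script.

```python
import re

# Constructed Swatch-style configuration, same shape as the page's example.
SWATCH_CONF = """\
ignore /sendmail|fax|unimportant stuff/
watchfor /[dD]enied|DEN.*ED/
    echo bold
    bell 3
    mail
    exec "/etc/call_pager 5551234 08"
"""

# Constructed sample syslog lines (not from a real system).
SAMPLE_LOG = [
    "Feb  4 10:01:02 host sshd[123]: Connection denied from 10.0.0.5",
    "Feb  4 10:01:05 host sendmail[200]: relay denied for spam.example",
    "Feb  4 10:02:11 host kernel: ACCESS DENIED to /dev/mem",
    "Feb  4 10:03:00 host cron[300]: job finished",
]


def parse_conf(text):
    """Return an ordered list of (kind, compiled_regex, actions) rules."""
    rules = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            # Indented line: an action belonging to the preceding rule.
            if not rules:
                raise ValueError("action before any rule: " + raw)
            rules[-1][2].append(raw.strip())
            continue
        kind, _, pattern = raw.partition(" ")
        m = re.fullmatch(r"/(.*)/", pattern.strip())
        if kind not in ("ignore", "watchfor") or not m:
            raise ValueError("bad rule: " + raw)
        rules.append((kind, re.compile(m.group(1)), []))
    return rules


def evaluate(rules, lines):
    """Return [(line_index, actions)] for lines that trigger a watchfor.

    Like Swatch, rules are tried in file order and the first match decides:
    an earlier ignore suppresses a later watchfor for the same line.
    """
    hits = []
    for idx, line in enumerate(lines):
        for kind, rx, actions in rules:
            if rx.search(line):
                if kind == "watchfor":
                    hits.append((idx, list(actions)))
                break
    return hits
```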

IV. Usage

Swatch is very easy to use. To check an existing log file once against a configuration, run:
# swatch --config-file=/home/zhake/swatch.conf --examine=/var/log/messages

In the preceding example, the absolute path of the configuration file is /home/zhake/swatch.conf, and the log file to be checked is /var/log/messages.

To have Swatch monitor a log file continuously, checking new lines as they are appended, use tail mode:
# swatch --config-file=/home/zhake/swatch.conf --tail-file=/var/log/messages

V. More

About the author: Zhao Ke, operating system research and security engineer.
Zhaoke.net is the author's personal website. We welcome technical exchange and link exchange.

Source: http://zhaoke.net/articles/general/2005-02-04.shtml

Copyright notice: when referencing or reprinting, please credit the author and source and keep the link to this article.

If you have any questions or find errors, submit them at:
http://zhaoke.net/OS/forum.php?do=viewtopic&cat=2&topic=5
