Use Swatch for Linux Log Analysis

Log files are one of the most important sources of information when tracking down problems on a system. Most system services send messages to syslogd (the system log daemon) when something goes wrong, and the administrator then diagnoses the fault and acts on those messages. Once a log file runs to thousands of lines, however, reading it by hand wastes time and risks missing something important, so a log-checking tool is needed.
  
Swatch is short for Simple Watcher. Other log-analysis programs scan log files periodically and report the problems or conditions they find. Swatch can do that too, but it can also monitor a log file continuously while syslogd is writing to it and react to specific messages as soon as they appear.
  
   I. Preparation
1. Download and unpack the latest Swatch release. Obtain the package from the official project site rather than from an unknown mirror.
  
Download URL: http://sourceforge.net/projects/swatch/
  
1) Create a directory for the Swatch source package.
  
# mkdir -p /usr/local/src/log
  
2) Unpack the source package; this creates a directory named swatch-3.1.1 under the log directory.
  
# tar zpxf swatch-3.1.1.tar.gz
  
   II. Installation
# cd swatch-3.1.1
# perl Makefile.PL
# make
# make test
# make install
# make realclean
  
Swatch is a Perl program built on several Perl modules. The perl Makefile.PL and make test steps report any prerequisite modules that are missing (swatch 3.x needs, among others, Date::Calc, Date::Parse and File::Tail from CPAN). Once installed, swatch is run directly from the command line.
  
   III. Configuration
Swatch uses regular expressions to pick out the log lines of interest. As soon as a line matches a configured pattern, Swatch performs the actions attached to that pattern: print the line to the terminal, ring the bell, send an email, or run a command of your choosing.
  
ignore   /sendmail|fax|unimportant stuff/

watchfor /[dD]enied|DEN.*ED/
    echo bold
    bell 3
    mail
    exec "/etc/call_pager 5551234 08"
  
The lines above are an example of a Swatch configuration file. The watchfor rule makes Swatch look for lines containing "denied", "Denied", or any text that starts with DEN and ends with ED (the DEN.*ED alternative). For each such line, Swatch prints the line to the terminal in bold, rings the terminal bell three times, mails the line to the user running swatch (usually root), and runs /etc/call_pager with the given arguments (a pager script that the example assumes exists). The ignore rule discards lines containing sendmail, fax, or unimportant stuff. Swatch tests the patterns in the order they appear in the file and stops at the first match unless the matching rule carries the continue action, so the ignore rule must come before the watchfor rule: with that order a sendmail "denied" message is silenced even though it also matches the watchfor pattern, whereas with the order reversed it would be reported. One caveat for the exec action: swatch can substitute fields of the matched line into the command ($0 or $* for the whole line, $N for the Nth field), and because log content is partly chosen by whoever caused the message (a username in an sshd line, for instance), those values must be treated as untrusted input before they are passed to a shell command.
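To make the ordering rule concrete, the following added example (not code from the article or from the swatch project) implements a minimal interpreter for the subset of swatch.conf used above and runs the article's rules over a handful of constructed syslog-style lines. It mirrors swatch's first-match semantics: rules are tested in file order, an ignore match silences the line, a watchfor match collects its actions, and processing moves to the next rule only when the rule contains continue. The log lines, the /etc/call_pager path and the unimportant stuff pattern are assumptions carried over from the example config.

```python
import re

# Constructed syslog-style sample lines (not from a real system).
SAMPLE_LOG = """\
Feb  4 10:01:02 host sshd[123]: Permission denied for user bob from 10.0.0.5
Feb  4 10:01:05 host sendmail[200]: connection denied from relay.example
Feb  4 10:01:09 host kernel: DENY-LOGGED packet from 192.0.2.7
Feb  4 10:02:00 host cron[300]: (root) CMD (run-parts /etc/cron.hourly)
Feb  4 10:02:11 host fax: Access Denied on port 2
"""

# The article's ruleset with the ignore rule placed first, so that a
# sendmail/fax line is silenced even though it also matches the watchfor.
IGNORE_FIRST = """
ignore /sendmail|fax|unimportant stuff/
watchfor /[dD]enied|DEN.*ED/
    echo bold
    bell 3
    mail
    exec "/etc/call_pager 5551234 08"
"""

# Same rules in the wrong order: the watchfor wins, the ignore is never reached.
WATCHFOR_FIRST = """
watchfor /[dD]enied|DEN.*ED/
    echo bold
    bell 3
    mail
    exec "/etc/call_pager 5551234 08"
ignore /sendmail|fax|unimportant stuff/
"""

# `continue` lets a line fall through to later rules after a match.
CONTINUE_CFG = """
watchfor /denied/
    echo
    continue
watchfor /sshd/
    mail
"""

RULE_RE = re.compile(r"(watchfor|ignore)\s+/(.*)/\s*$")


def parse_config(text):
    """Parse the subset of swatch.conf used here: `watchfor /re/` or
    `ignore /re/` header lines, each followed by its action lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append({"kind": m.group(1),
                          "regex": re.compile(m.group(2)),
                          "actions": []})
        elif rules:
            rules[-1]["actions"].append(line)
        else:
            raise ValueError(f"action line before any pattern: {line!r}")
    return rules


def evaluate(rules, log_text):
    """Run the rules over each log line in config order. The first matching
    rule ends processing of that line (an ignore silently, a watchfor after
    collecting its actions) unless its actions include `continue`."""
    hits = []
    for line in log_text.splitlines():
        fired = []
        for rule in rules:
            if not rule["regex"].search(line):
                continue
            if rule["kind"] == "ignore":
                break
            fired.extend(a for a in rule["actions"] if a != "continue")
            if "continue" not in rule["actions"]:
                break
        if fired:
            hits.append((line, fired))
    return hits


def alerted_lines(config_text, log_text=SAMPLE_LOG):
    """Just the log lines that would trigger at least one action."""
    return [line for line, _ in evaluate(parse_config(config_text), log_text)]


if __name__ == "__main__":
    for name, cfg in (("ignore first", IGNORE_FIRST),
                      ("watchfor first", WATCHFOR_FIRST)):
        print(f"== {name}: {len(alerted_lines(cfg))} line(s) alerted")
        for line, actions in evaluate(parse_config(cfg), SAMPLE_LOG):
            print("  ", line.split(": ", 1)[1], "->", ", ".join(actions))
```

Run it directly and the ignore-first configuration alerts on two lines (the sshd denial and the kernel DENY-LOGGED message) while the watchfor-first configuration also pages out the sendmail and fax lines that the ignore rule was meant to drop. The regexes here are evaluated with Python's re module; swatch itself uses Perl regular expressions, which agree with Python for patterns as simple as these.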
  
   IV. Use
Swatch is easy to use. To check an existing log file once, from beginning to end, run:
swatch --config-file=/home/zhake/swatch.conf --examine=/var/log/messages
  
In this example the absolute path of the configuration file is /home/zhake/swatch.conf and the log file to be checked is /var/log/messages.
  
To keep watching a log file and act on new lines as they are appended (the way you would use tail -f), use --tail-file instead of --examine:
swatch --config-file=/home/zhake/swatch.conf --tail-file=/var/log/messages
  
   V. More
About the author: Zhao Ke, operating-system researcher and security engineer.
Zhaoke.net is the author's personal website; technical exchange and link exchange are welcome.
  
Source: http://zhaoke.net/articles/general/2005-02-04.shtml
  
Copyright notice: when citing or reprinting, please credit the author and source and keep the links in this article intact.
  
If you have questions or find errors, post them at:
http://zhaoke.net/os/forum.php?do=viewtopic&cat=2&topic=5
