Article Title: Using Swatch for Linux Log Analysis
Log files are an important reference when tracking down system problems. Most system services send messages to syslogd (the system log daemon) when something goes wrong, and the user then spots the error message and acts on it. For log files of more than 1000 lines, however, we must use a log checking tool to save time and avoid missing important information.
Swatch can be understood literally as a watcher. Other log analysis software scans log files periodically and reports problems or conditions on the system. Swatch can do that too, but it can also actively scan log files and act on specific log messages, like the syslogd daemon.
I. Preparation
1. Download and decompress the latest Swatch software package. It is recommended to obtain a reliable Swatch package from the official Swatch website.
1) Create a directory for storing the Swatch software package.
# mkdir -p /usr/local/src/log
2) Decompress the source code package. A new directory named apache_1.3.33 will be generated under the log directory.
# tar zpxf swatch-3.1.1.tar.gz
II. Installation
# cd swatch-3.1.1
# make
# make test
# make install
# make realclean
After the Swatch program is successfully installed, the Perl module is used to run the Swatch program.
III. Configuration
Swatch uses regular expressions to find the log lines of interest. As soon as Swatch finds a line that matches a predefined pattern, it takes action, such as printing to the screen, sending an email, or running a predefined command.
watchfor /[dD]enied|DEN.*ED/
    echo bold
    bell 3
    mail
    exec "/etc/call_pager 5551234 08"
The script above is an example of a Swatch configuration file. Swatch searches the specified log file for lines that contain "denied", "Denied", or other text that starts with DEN and ends with ED. As soon as it finds a line containing any of these three search terms, Swatch prints the line to the terminal in bold, rings the bell three times, emails the matching line to the user running the swatch program (usually the root user), and executes the /etc/call_pager program.
With an ignore rule for sendmail, fax, and unimportant stuff, those search strings will be ignored, even if they match one of the predefined search strings.
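The matching behaviour of the two rules above, modelled in Python as an added example (not part of the original article and not Swatch's own code). It assumes rules are tried top to bottom and the first match decides; the log lines are constructed.

```python
import re

# Rules modelled on the article's example. Assumption of this sketch:
# rules are tried in order and the first one that matches a line wins.
RULES = [
    ("ignore", re.compile(r"sendmail|fax|unimportant stuff"), []),
    ("watchfor", re.compile(r"[dD]enied|DEN.*ED"),
     ["echo bold", "bell 3", "mail", "exec /etc/call_pager 5551234 08"]),
]

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
Mar  3 10:01:12 host1 sshd[2211]: Permission denied for user admin
Mar  3 10:01:15 host1 sendmail[2290]: relaying denied for 192.0.2.7
Mar  3 10:02:40 host1 kernel: packet DENIED on eth0
Mar  3 10:03:02 host1 cron[2301]: job finished
Mar  3 10:04:19 host1 backup[2330]: copy to DENVER site COMPLETED
""".splitlines()


def classify(line, rules=RULES):
    """Return (kind, actions) of the first matching rule, or (None, [])."""
    for kind, pattern, actions in rules:
        if pattern.search(line):
            return kind, actions
    return None, []


def alerts(lines, rules=RULES):
    """Lines that would trigger the watchfor actions."""
    return [ln for ln in lines if classify(ln, rules)[0] == "watchfor"]


if __name__ == "__main__":
    for ln in alerts(SAMPLE_LOG):
        print("ALERT:", ln)
    # DEN.*ED is case-sensitive and greedy across the whole line: it catches
    # "DENIED", but also the harmless "DENVER ... COMPLETED" line.
    # With the ignore rule placed last, the sendmail line alerts as well.
    extra = set(alerts(SAMPLE_LOG, RULES[::-1])) - set(alerts(SAMPLE_LOG))
    print("alerts only when ignore comes last:", sorted(extra))
```

The DENVER line shows how broad `DEN.*ED` is; anchoring the pattern to the service or message format cuts such false alarms.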
IV. Use
Swatch is very easy to use. For example, to check a log with Swatch, run:
swatch --config-file=/home/zhake/swatch.conf \
    --examine=/var/log/messages
In the preceding example, the absolute path of the configuration file is /home/zhake/swatch.conf, and the log file to be checked is /var/log/messages.
Use swatch to monitor a log file that is still being appended to:
swatch --config-file=/home/zhake/swatch.conf \
    --tail-file=/var/log/messages
V. More
About the author: Zhao Ke, operating system research and security engineer.
Zhaoke.net is the author's personal website. We welcome technical exchange and link exchange.