On 10 August 2013 16:10, alex <[email protected]> wrote:
> Hi!
> Does anybody work with tools like logsentry, swatch, logtail or others?
> What is your preference?
> I installed swatch on current i386 system. My swatch.conf is like this:
> ......
> watchfor /INVALID|REPEATED|INCOMPLETE|[Ff]ail /
>   echo magenta_h
>   bell 3
>   mail addresses=myname\@mydomain, subject=Bad_login_attempt
>
> watchfor /invalid|repeated|incomplete/
>   echo
>   write myname
>   mail addresses=myname\@localhost, subject=Authentication
> Problems
>
> watchfor /BAD SU|bad su/
>   echo
>   write myname
>   mail addresses=myname\@localhost, subject=SU Problems
> ........
> When I start swatch:
> #/usr/local/bin/swatch --daemon --config-file=/etc/swatch.conf
> --tail-file=/var/log/authlog --pid-file=/var/run/swatch.pid
> it's OK, but if I run
> $su (with wrong password)
> the system meets me with silence :(
>
> What's wrong with my swatch.conf?
>
> Thanks,
> Alex
>
> P.S. DNS & mail servers work OK

Hello,

I started with swatch but for some reason it ended up creating zombie forks. Then I switched to logfmon and have been using that for a while now. It serves my needs perfectly and I also find the syntax to be more convenient than in swatch. Try and see what suits your needs.

So, here's my 2 cents on this matter :)

--
Cheers,
Ville Valkonen

