
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 12: System Log Management and Monitoring
respective files and to a central log server. You’ve also configured a log-rotation
scheme that keeps as much old log data around as you think you’ll need.
But who’s got the time to actually read all those log messages?
Swatch (the “Simple WATCHer”) does. Swatch, a free log-monitoring utility written
100% in Perl, monitors logs as they’re being written and takes action when it finds
something you’ve told it to look out for. Swatch does for logs what Tripwire does for
system-file integrity.

Installing Swatch

There are two ways to install Swatch. First, of course, is via whatever binary package
of Swatch your Linux distribution of choice provides. (I use the term loosely here;
“executable package” is more precise.) The current version of Mandrake has an RPM
package of swatch, as does Debian, but none of the other most popular distributions
(i.e., Red Hat, Fedora, and SUSE) do, though you can download Gavin Henry’s
Swatch RPMs for Fedora and Red Hat at http://fedoranews.org/ghenry/swatch/.
This is just as well, though, since the second way to install Swatch is quite interesting.
Swatch’s source distribution, available from http://swatch.sourceforge.net,
includes a script called Makefile.PL that automatically checks for all necessary ...