#12 swatch basic howto

v1.0 (example)
open
nobody
5
2005-01-14
2005-01-14
Anonymous
No

Swatch HOWTO

1) Debian users can install swatch with apt:
apt-get install swatch

2) Create a new file called .swatchrc in root's home directory,
e.g. /root/.swatchrc

development.slashdot.org:~# cat .swatchrc
# watchfor /pattern regexp/
# echo - display to console
# throttle 01:00 -- every minute
# ==============================================
watchfor /SHELLCODE/
echo red
bell 3
throttle 01:00
mail support@development.slashdot.org
watchfor /SMTP/
echo yellow
bell 3
throttle 01:00
mail support@development.slashdot.org

3) development.slashdot.org:~# swatch --help
Usage:
    swatch [<options>]
Options:
    --config-file=FILENAME          Use FILENAME for configuration.
    --old-style-config              Parse a pre-version 3 configuration.
    --restart-time=[+]HH:MM[AM|PM]  Send a HUP signal to swatch at the specified time.
    --input-record-separator=REGEX  Specify an what should be used to separate "lines."
    --help                          Display this message.
    --version                       Display author and version information.
    --tail-file=FILENAME            Watch a tail of FILENAME.
    --read-pipe=COMMAND             Watch a pipe from COMMAND
    --examine=FILENAME              Perform a single pass through FILENAME

4) Run it once over the existing log file to test the configuration:
development.slashdot.org:~# swatch --examine=/var/log/snort/alert
*** swatch-3.0.4 (pid:3171) started at Fri Jan 14 11:39:21 CST 2005

[**] [1:649:4] SHELLCODE x86 setgid 0 [**]
[**] [1:648:4] SHELLCODE x86 NOOP [**]
[**] [1:649:4] SHELLCODE x86 setgid 0 [**]
[**] [1:648:4] SHELLCODE x86 NOOP [**]
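As an added illustration, not part of the original howto or of swatch itself, here is a small Python re-implementation of the watchfor/throttle logic from the .swatchrc above, replayed over constructed snort-style alert lines. It shows which alerts in a burst like the one above actually trigger the echo/bell/mail actions and which ones the throttle swallows; it assumes, following the author's comment, that `throttle 01:00` means once per minute, and it throttles per watchfor block (a simplification of swatch's key options).

```python
import re
from datetime import datetime, timedelta

# Rules mirroring the two watchfor blocks in the .swatchrc above:
# (pattern, throttle window, echo colour). The one-minute window follows
# the author's comment that "throttle 01:00" means once per minute.
RULES = [
    (re.compile(r"SHELLCODE"), timedelta(minutes=1), "red"),
    (re.compile(r"SMTP"), timedelta(minutes=1), "yellow"),
]


def watch(lines, rules=RULES):
    """Replay (timestamp, line) pairs through swatch-style rules.

    Returns (fired, suppressed): the actions that would run and the
    number of matches swallowed by the throttle. Like swatch, only the
    first matching watchfor block is applied to a given line.
    """
    last_fired = {}          # pattern text -> time its actions last ran
    fired, suppressed = [], 0
    for ts, line in lines:
        for pattern, window, colour in rules:
            if not pattern.search(line):
                continue
            last = last_fired.get(pattern.pattern)
            if last is not None and ts - last < window:
                suppressed += 1      # still inside the throttle window
            else:
                last_fired[pattern.pattern] = ts
                fired.append((ts, colour, line))
            break                    # stop at the first matching block
    return fired, suppressed


# Constructed snort-style alert lines with arrival times (sample data,
# not a real capture); the burst mimics the repeated SHELLCODE hits above.
T0 = datetime(2005, 1, 14, 11, 38, 0)
SAMPLE = [
    (T0, "[**] [1:649:4] SHELLCODE x86 setgid 0 [**]"),
    (T0 + timedelta(seconds=5), "[**] [1:648:4] SHELLCODE x86 NOOP [**]"),
    (T0 + timedelta(seconds=20), "[**] [1:0:0] SMTP sample alert (constructed) [**]"),
    (T0 + timedelta(seconds=30), "[**] [1:649:4] SHELLCODE x86 setgid 0 [**]"),
    (T0 + timedelta(seconds=90), "[**] [1:648:4] SHELLCODE x86 NOOP [**]"),
    (T0 + timedelta(seconds=95), "[**] [1:0:0] unrelated notice (constructed) [**]"),
]

if __name__ == "__main__":
    fired, suppressed = watch(SAMPLE)
    for ts, colour, line in fired:
        print(f"{ts:%H:%M:%S} echo {colour}: {line}")
    print(f"{suppressed} match(es) suppressed by throttle")
```

Running it fires three times (SHELLCODE at 11:38:00, SMTP at 11:38:20, SHELLCODE again at 11:39:30) and reports two SHELLCODE matches suppressed, which is exactly the behaviour a `throttle` line buys you when snort logs the same NOOP sled hit dozens of times a minute.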
