Swatch was originally written to actively monitor messages as they were written to a log file via the UNIX syslog utility. It has multiple methods of alarming, both visually and by triggering events. It is the perfect tool for a master loghost. It is known to work flawlessly on Linux (RH5), BSDI, and Solaris 2.6 (patched).
Tags: Internet Log Analysis Security Monitoring Networking
Release Notes: A fix for a major bug involving key value assignment when throttling.
Release Notes: A simplified Makefile.PL, fixes for an action parsing problem with a space appended to the option name and another with quotation marks, and fixes for documentation on the '--restart-time' command-line option.
Release Notes: The default input file has been changed to be /var/log/messages instead of /var/log/syslog if it exists. The problem of continuing to try to match a pattern after the pattern was matched but was throttled has been fixed. The date_loc, time_loc, and extra_cuts options have been added to throttle, and numerous problems with throttling have been fixed. "--daemon" mode has been fixed so that it runs more reliably in the background. The read_config routine has been cleaned up. A parsing problem involving the use of a single TAB as a separator has been fixed. The format of the message displayed when throttling has been changed to include the entire message.
No changes have been submitted for this release.