Log Monitoring with Swatch

Swatch is a Perl-based log monitoring tool that can match regular expressions and perform automated actions. The tool is useful for monitoring system log files in real time with an option to run external commands or to notify the admins in response to particular messages found in the logs.

Example configuration file: /etc/swatch.conf

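# Run the actions below for every line matching this pattern
watchfor /bvebw3/
    # Print the matching line in bold
    echo bold
    # Act at most once per 2 minutes (h:m:s), keyed on the pattern
    throttle 0:2:0,use=regex
    # Ring the terminal bell 3 times
    bell 3
    exec "/var/adm/bin/ 800-555-1234"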

Usage examples:

Scan a file and report any matches:

swatch --config-file=/etc/swatch.conf --examine=/var/log/messages

Continuously monitor a log file:

swatch --config-file=/etc/swatch.conf --tail-file=/var/log/messages
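
The throttle line in the configuration above decides how many alerts actually reach an admin. The following Python sketch is an added example, not Swatch's own code: it emulates a watchfor block with a 2-minute throttle over constructed log lines and compares keying on the pattern (use=regex) with keying on the message text. The function name scan, the sample lines, the fixed year and the use of each line's own timestamp as the clock are assumptions made so the example runs offline.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in syslog format (not from a real system).
SAMPLE_LOG = """\
Mar 13 10:00:01 host1 kernel: bvebw3 fault on unit 0
Mar 13 10:00:30 host1 kernel: bvebw3 fault on unit 1
Mar 13 10:01:10 host1 sshd[811]: session opened for user alice
Mar 13 10:01:30 host1 kernel: bvebw3 fault on unit 0
Mar 13 10:02:05 host1 kernel: bvebw3 fault on unit 1
Mar 13 10:05:00 host1 kernel: bvebw3 fault on unit 0
""".splitlines()


def scan(lines, pattern, window, use_regex=True, year=2024):
    """Return the lines on which the watchfor actions would fire.

    Simplified model (assumption): an alert fires when its key has not
    fired within `window`. With use_regex=True every match shares one
    key (the pattern); otherwise the key is the text after the timestamp.
    """
    rx = re.compile(pattern)
    last_fired = {}   # throttle key -> time the actions last ran
    fired = []
    for line in lines:
        if not rx.search(line):
            continue  # watchfor pattern did not match this line
        # The first 15 characters of a syslog line hold "Mon DD HH:MM:SS".
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        key = pattern if use_regex else line[16:]
        prev = last_fired.get(key)
        if prev is None or ts - prev >= window:
            last_fired[key] = ts
            fired.append(line)
    return fired


if __name__ == "__main__":
    window = timedelta(minutes=2)  # same window as "throttle 0:2:0"
    for mode in (True, False):
        label = "use=regex" if mode else "key=message"
        print(label)
        for hit in scan(SAMPLE_LOG, r"bvebw3", window, use_regex=mode):
            print("  ALERT:", hit)
```

With use=regex the unit 1 fault at 10:00:30 is suppressed because the unit 0 fault 29 seconds earlier consumed the shared window, so a pattern-keyed throttle can hide distinct events that happen to match the same expression.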

