syslog integration
Posted: Tue Apr 10, 2012 2:18 pm
by arnab.roy
hi guys
Is there an integration doc for this?
cheers
arnab
Re: syslog integration
Posted: Thu Apr 12, 2012 3:15 pm
by arnab.roy
Anyone?
Re: syslog integration
Posted: Thu Apr 12, 2012 4:52 pm
by scottwilkerson
Re: syslog integration
Posted: Thu Apr 26, 2012 3:13 pm
by arnab.roy
Hi Scott,
Will this support standard syslog messages from devices like routers and switches?
Cheers
Arnab
Re: syslog integration
Posted: Fri Apr 27, 2012 10:08 am
by arnab.roy
Hi guys,
I have a question around the swatch utility: is it able to monitor multiple log files? Ideally what I am doing is creating a separate log file per device using syslog-ng, and I want swatch to monitor it. Is this possible? I am able to monitor 1 file at the moment. Also, I would like to run it as a service on CentOS 6; any ideas how I can set it up?
Thanks Arnab
Re: syslog integration
Posted: Fri Apr 27, 2012 10:14 am
by scottwilkerson
Yes.
From the README file
Added --tail-program-name and --tail-args command line options. This
allows one to use more robust tail commands like GNU tail. Here is
how I use it to watch multiple files and not have to worry when they
get rotated:

% swatch --tail-prog=/usr/local/bin/gtail \
    --tail-args '--follow=name --lines=1' \
    --tail-file="/var/log/messages /var/log/snort/alert"
Re: syslog integration
Posted: Tue May 01, 2012 4:22 pm
by arnab.roy
Hi guys
I would like to add that the documentation isn't very clear. I have managed to finally crack it, and I have developed a bunch of little scripts that make this usable; I will post them once I get a chance.
Cheers
Arnab
Re: syslog integration
Posted: Wed May 02, 2012 11:29 am
by slansing
Hello arnab.roy, I have noted that you struggled with the documentation and will have a look at it to see what can be changed! If you are referring to the Read-me and Install files within the swatch zip itself those were not created by us.
Re: syslog integration
Posted: Wed May 02, 2012 3:18 pm
by arnab.roy
The document, I think, starts at the wrong point: it is not meant for integrating with external syslog messages from a number of devices; it assumes that the logs are already there on the server on which swatch is being run. Plus, the shell script example to send the nsca traps is not entirely correct (I have re-written this in perl). It missed the step where you need to configure the nsca configuration file, where you configure the encryption and password. Also, swatch doesn't run as a service and doesn't have the service script to add to chkconfig; I had to write that to make it run as a service in daemon mode. So there is lots of room for improvement. I am glad I managed to get it working; it is working quite well for me now.
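As an added example, not from this thread or from the swatch or Nagios projects: a small action script that swatch can exec to turn a matched syslog line into the tab-separated passive-check record send_nsca reads, the handoff Arnab describes rewriting above. The send_nsca path, config path, Nagios hostname and the severity-to-state mapping are assumptions.

```shell
#!/bin/sh
# Added example: swatch "exec" action that forwards a matched syslog line to
# Nagios as a passive check result via send_nsca. Not from the thread or from
# the swatch/Nagios projects; paths, hostnames and the severity mapping below
# are assumptions, so adjust them to your site.

SEND_NSCA="${SEND_NSCA:-/usr/sbin/send_nsca}"        # assumed path
# send_nsca.cfg must carry the same encryption_method and password that the
# nsca daemon's nsca.cfg uses; that is the step the thread says the doc omits.
NSCA_CFG="${NSCA_CFG:-/etc/nagios/send_nsca.cfg}"
NAGIOS_HOST="${NAGIOS_HOST:-nagios.example.com}"      # assumed NSCA server

# Map a syslog severity keyword to a Nagios return code:
# 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN (unrecognised severities are UNKNOWN).
severity_to_state() {
    case "$1" in
        emerg|alert|crit|err|error) echo 2 ;;
        warning|warn)               echo 1 ;;
        notice|info|debug)          echo 0 ;;
        *)                          echo 3 ;;
    esac
}

# Build the record send_nsca reads from stdin:
#   host<TAB>service<TAB>return_code<TAB>plugin_output<NL>
# Tabs and newlines inside the log text are replaced by spaces so that an
# untrusted log line cannot inject a second record or shift the fields.
nsca_payload() {
    text=$(printf '%s' "$4" | tr '\t\n' '  ')
    printf '%s\t%s\t%s\t%s\n' "$1" "$2" "$3" "$text"
}

# Usage: syslog2nsca.sh <host> <service> <severity> <log line>
# Example .swatchrc entry (swatch substitutes $0 with the whole matched line):
#   watchfor /%LINK-3-UPDOWN/
#       exec "/usr/local/bin/syslog2nsca.sh router1 'Interface Status' err '$0'"
send_event() {
    nsca_payload "$1" "$2" "$(severity_to_state "$3")" "$4" \
        | "$SEND_NSCA" -H "$NAGIOS_HOST" -c "$NSCA_CFG"
}

if [ "$#" -eq 4 ]; then
    send_event "$@"
fi
```

Because every file swatch tails is fed through the same script, one copy serves all the per-device logs created by syslog-ng; the device name is passed as the host argument.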