
List:       swatch-users
Subject:    Swatch-users Digest, Vol 11, Issue 1
From:       swatch-users-request () ucsb ! edu
Date:       2003-03-01 20:00:08


Today's Topics:

   1. New User (Khengar, Urvi)
   2. Re: New User (Ed Schmollinger)
   3. RE: New User (Khengar, Urvi)
   4. Re: New User (Ed Schmollinger)


----------------------------------------------------------------------

Message: 1
Date: Fri, 28 Feb 2003 13:30:50 -0600
From: "Khengar, Urvi" <Urvi.Khengar@bankofamerica.com>
Subject: [Swatch-users] New User
To: "'swatch-users@ucsb.edu'" <swatch-users@ucsb.edu>
Message-ID:
	<AFB399ACC132D511A0F700508B6FC8D201387A69@mail.bankofamerica.com>
Content-Type: text/plain; charset="iso-8859-1"

All,

I am considering using swatch on our FreeBSD servers for real-time
monitoring alerts. By just looking at it briefly, it looks like swatch
watches only one file at a time. Does this mean that if I want to monitor
multiple files, I will have to start swatch multiple times? I want to run
swatch as a daemon, would I be able to have multiple daemons of swatch
running at the same time?

Any info is greatly appreciated.

Thanks,
Urvi


------------------------------

Message: 2
Date: Fri, 28 Feb 2003 16:00:27 -0600
From: Ed Schmollinger <schmolli@frozencrow.org>
Subject: Re: [Swatch-users] New User
To: "Khengar, Urvi" <Urvi.Khengar@bankofamerica.com>
Cc: "'swatch-users@ucsb.edu'" <swatch-users@ucsb.edu>
Message-ID: <20030228220026.GP12770@frozencrow.org>
Content-Type: text/plain; charset="us-ascii"

On Fri, Feb 28, 2003 at 01:30:50PM -0600, Khengar, Urvi wrote:
> I am considering using swatch on our FreeBSD servers for real-time
> monitoring alerts. By just looking at it briefly, it looks like swatch
> watches only one file at a time. Does this mean that if I want to monitor
> multiple files, I will have to start swatch multiple times? I want to run
> swatch as a daemon, would I be able to have multiple daemons of swatch
> running at the same time?

Yes, that's exactly what you need to do in order to monitor multiple
files.  If you want to run just one swatch process, then you'd need to
have something else which mashes all the inputs/files together into a
single file or pipe or whatever, then have your swatch process read
that.

-- 
Ed Schmollinger - schmolli@frozencrow.org
When I'm feeling down, I like to whistle.  It makes the
neighbor's dog run to the end of his chain and gag himself.
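
Added example, not part of the original thread and not swatch code: one way to build the "something else" Ed describes, a poller that merges new lines from several log files into one stream a single watcher can read. The file names, the `name: ` tag format and all function names are assumptions made for illustration.

```python
import os
import tempfile

def read_appended(path, state):
    """Return complete lines appended to `path` since the previous call.

    `state` maps path -> bytes already consumed. A file that shrank
    (rotation or truncation) is re-read from the start.
    """
    try:
        size = os.path.getsize(path)
    except OSError:
        return []                       # missing mid-rotation: retry next poll
    offset = state.get(path, 0)
    if size < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read(size - offset)
    end = chunk.rfind(b"\n") + 1        # hold back a half-written last line
    state[path] = offset + end
    return chunk[:end].decode("utf-8", "replace").split("\n")[:-1]

def merge_once(paths, state):
    """One polling pass: new lines from every file, tagged with the source."""
    merged = []
    for path in paths:
        tag = os.path.basename(path)
        merged += [f"{tag}: {line}" for line in read_appended(path, state)]
    return merged

def put(path, text, mode="w"):
    with open(path, mode) as fh:
        fh.write(text)

def demo():
    """Constructed input: two temp files stand in for the monitored logs."""
    with tempfile.TemporaryDirectory() as d:
        auth, msgs = os.path.join(d, "auth.log"), os.path.join(d, "messages")
        put(auth, "login failed for alice\n")
        put(msgs, "link up\nhalf a li")
        state = {}
        first = merge_once([auth, msgs], state)
        put(msgs, "ne\n", "a")          # the partial line is completed
        put(auth, "rotated\n")          # shorter file simulates rotation
        second = merge_once([auth, msgs], state)
    return first, second
```

Calling `merge_once` in a loop with a short sleep and printing each result gives the single pipe; a rotated file that is already longer than the stored offset is not detected by the size check alone.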

------------------------------

Message: 3
Date: Fri, 28 Feb 2003 16:11:24 -0600
From: "Khengar, Urvi" <Urvi.Khengar@bankofamerica.com>
Subject: RE: [Swatch-users] New User
To: "'Ed Schmollinger'" <schmolli@frozencrow.org>,
	"'swatch-users@ucsb.edu'" <swatch-users@ucsb.edu>
Message-ID:
	<AFB399ACC132D511A0F700508B6FC8D201387A6A@mail.bankofamerica.com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks for your prompt reply Ed.


I have two more swatch questions regarding swatch!
We need to monitor if a user has more than X number of invalid login
attempts (not continuously but throughout the day), we want to get an alert
when the user reaches X invalid login attempts. Is there a way in swatch to
do this? I am assuming no because swatch daemon would be tailing the log
file and since syslog would not keep count of the invalid attempts, swatch
would not be able to check this. Am I assuming right?

Secondly, we want to check to make sure that there are no insecure services
running, would swatch do this?

Thanks,
Urvi



------------------------------

Message: 4
Date: Fri, 28 Feb 2003 17:36:30 -0600
From: Ed Schmollinger <schmolli@frozencrow.org>
Subject: Re: [Swatch-users] New User
To: "Khengar, Urvi" <Urvi.Khengar@bankofamerica.com>
Cc: "'swatch-users@ucsb.edu'" <swatch-users@ucsb.edu>
Message-ID: <20030228233630.GQ12770@frozencrow.org>
Content-Type: text/plain; charset="us-ascii"

On Fri, Feb 28, 2003 at 04:11:24PM -0600, Khengar, Urvi wrote:
> I have two more swatch questions regarding swatch!
> We need to monitor if a user has more than X number of invalid login
> attempts (not continuously but throughout the day), we want to get an alert
> when the user reaches X invalid login attempts. Is there a way in swatch to
> do this? I am assuming no because swatch daemon would be tailing the log
> file and since syslog would not keep count of the invalid attempts, swatch
> would not be able to check this. Am I assuming right?

Yes, sort of.  You can use swatch's throttle keyword to almost do what
you're looking for.  The beta versions of swatch have a new directive
that doesn't print a given message until it sees N of them, but I'm not
sure where you'd get a copy of the beta these days.

> Secondly, we want to check to make sure that there are no insecure services
> running, would swatch do this?

Some daemons throw out log messages when they start up or when they do
stuff, and swatch may come in handy in looking for those kinds of
things.  What I can pretty much guarantee will work a million times
better, though, is using a tool that is better suited to the job, such
as nmap.  Logging in to the machine in question and doing a 'ps -ef', or
moral equivalent, would probably be a better solution, even.  Actually,
depending on what you mean by "insecure," that may not be the answer
you're looking for.  If you mean "insecure/buggy versions of software
that you have to run anyway," then that's even less of a job for swatch.
You'd be looking for more of a vulnerability scanner like nessus for
something like that, assuming that you can't just log in to the machines
and check software versions with more conventional methods.

-- 
Ed Schmollinger - schmolli@frozencrow.org
When I'm feeling down, I like to whistle.  It makes the
neighbor's dog run to the end of his chain and gag himself.
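
Added example, not part of the original thread and not swatch's throttle or beta directive: a small stateful counter that does what Urvi asks for, alerting once when a user reaches X failed logins within a day. The OpenSSH-style log line shape, the sample lines and all names are assumptions.

```python
import re
from collections import Counter

# Assumed line shape: OpenSSH-style "Failed password" syslog entries.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: Failed password "
    r"for (?:invalid user |illegal user )?(?P<user>\S+) from (?P<src>\S+)"
)

class DailyFailureCounter:
    """Alert once per user per day when failed logins reach `limit`."""

    def __init__(self, limit):
        self.limit = limit
        self.day = None
        self.counts = Counter()            # user -> failures seen today

    def feed(self, line):
        """Process one log line; return an alert string, or None."""
        m = FAILED.match(line)
        if not m:
            return None
        day = " ".join(m["day"].split())   # "Mar  1" -> "Mar 1"
        if day != self.day:                # new day: start counting afresh
            self.day, self.counts = day, Counter()
        user = m["user"]
        self.counts[user] += 1
        if self.counts[user] != self.limit:  # fire only on reaching the limit
            return None
        return f"{user} reached {self.limit} failed logins on {day} (last from {m['src']})"

# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = [
    "Feb 28 09:01:10 bsd1 sshd[411]: Failed password for alice from 192.0.2.10 port 4021 ssh2",
    "Feb 28 09:01:12 bsd1 sshd[411]: Accepted password for bob from 192.0.2.11 port 4022 ssh2",
    "Feb 28 11:47:03 bsd1 sshd[502]: Failed password for alice from 192.0.2.10 port 4100 ssh2",
    "Feb 28 13:05:44 bsd1 sshd[530]: Failed password for invalid user carol from 198.51.100.7 port 5150 ssh2",
    "Feb 28 16:20:31 bsd1 sshd[611]: Failed password for alice from 198.51.100.7 port 5200 ssh2",
    "Feb 28 16:20:40 bsd1 sshd[611]: Failed password for alice from 198.51.100.7 port 5201 ssh2",
    "Mar  1 08:00:02 bsd1 sshd[702]: Failed password for alice from 192.0.2.10 port 4300 ssh2",
]

def run_sample(limit=3):
    """Feed the sample through a fresh counter and collect the alerts."""
    counter = DailyFailureCounter(limit)
    return [alert for alert in map(counter.feed, SAMPLE) if alert]

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

The count lives in the watcher's memory rather than in syslog, so a restart of the process loses the day's tally unless the log is replayed from the start of the day.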

------------------------------



End of Swatch-users Digest, Vol 11, Issue 1
*******************************************