
Re: Swatch

 
wvsa
Regular Advisor

Swatch

Greetings all;

Wondering if anyone out there is running swatch. Having a problem with swatch in the shutdown and startup scripts. If we allow swatch to be started up during a server boot (/sbin/init.d with a link to /sbin/rc3.d) it works fine, but the console connection is disabled and our EMS notifications seem to be somehow held up. When swatch is stopped, our EMS startup notification messages appear. By the way, if we nohup swatch it works as advertised.
Interested in finding out if anyone is starting up swatch during server boot time and, if so, would you mind sharing your startup and shutdown script?

If anyone would be interested in sharing their swatch configuration file(s), would appreciate that as well.

Thanks in advance!

wvsa

4 REPLIES 4
Vincent Fleming
Honored Contributor

Re: Swatch

I don't know what swatch is, but one big difference in startups you talk about is the controlling terminal.

The /etc/rc scripts start processes without a controlling terminal, where nohup provides this device.

The controlling terminal defines stdin, stdout, and stderr.

The swatch is probably doing something like trying to write to or read from stdin/stdout.

Have you read the docs for swatch? Are you sure there isn't a "-d" or something for daemon mode? That usually prevents it from assuming that there is a controlling terminal... in most programs, or at least ones that are intended to be run as services.

Good luck,

Vince
No matter where you go, there you are.
Vincent Fleming
Honored Contributor

Re: Swatch

Ah... swatch.sorceforge.net...

Log watcher.

OK. It's a perl script (at least the one I found).

It might work for you if you did this:

swatch < /dev/console > /dev/console 2>&1 &

or

swatch < /dev/zero > /dev/null 2>&1 &

or just:

swatch > /dev/null 2>&1 &
or
swatch > /dev/console 2>&1 &


(These are ksh format... if you use another shell, you'll have to translate)

Good luck,

Vince
No matter where you go, there you are.
Senthil Prabu.S_1
Trusted Contributor

Re: Swatch

Hi,

My swatch configuration file looks like:

cat /etc/swatchrc.txt
==========================================================
# Swatch configuration file
#
#
# swatch -c /etc/swatchrc -t /var/log/snort/alert
#
### Snort Alerts
## Watch for entries containing the word 'Priority' in the snort alert file.
## Display it in green on the screen
## Mail alert to alerts@yourdomain.com with subject of the email
## being "----Snort IDS Alert----"
## Log in file /var/log/IDS-scans
watchfor /Priority/
echo green_h
mail addresses=ses\@krishna.kovaiteam.com,subject=--- Snort IDS Alert ---
exec echo $0 >> /var/log/IDS-scans
============================================================

Also, your problem is not related to swatch configuration, I hope.

--
Prabu.S
One man's "magic" is another man's engineering. "Supernatural" is a null word.
wvsa
Regular Advisor

Re: Swatch

Thanks to all who have replied. Still having a problem starting swatch as part of the /sbin/init.d startup scripts. Can see it in the rc.log but swatch does not start. Have tried changing the script shell to ksh and redirecting the output to /dev/null; still have not been able to get swatch to start during boot up. Script works great if I run it logged in as root. Here is the startup script:

#!/usr/bin/ksh
#
#######################################################################
#
# Start/Stop script for swatch monitoring on `hostname`
#
# Modifications
# Date      Id  Comments
# 11/15/05  NL  Original script
#
#########################################################################
#
PATH=/sbin:/usr/sbin:/usr/bin:/opt/perl/bin:/sbin/init.d
export PATH
#
#
# setup for HP startup/shutdown standards
#
case $1 in
'start_msg')
    echo "Starting swatch on Hosea"
    ;;
'start')
    echo "Start swatch on `hostname`"
    swatch -c /etc/swatch/swatch.syslog.conf -t /var/adm/syslog/syslog.log > /dev/null 2>&1 &
    echo "Swatch started on `hostname`"
    echo $PATH
    ;;
'stop_msg')
    echo "Stop swatch on Hosea"
    ;;
'stop')
    echo "Stop swatch on `hostname`"
    ps -ef | grep swatch | grep -v grep | cut -c9-14 | xargs kill >/dev/null 2>&1
    ;;
*)
    echo "usage: $0 {start|stop|start_msg|stop_msg}"
    ;;
esac
exit 0

I can't see anything wrong with the script, especially since it works great starting it as root. Here is the link to sbin/rc3.d:

lrwxr-xr-x 1 root sys 19 Nov 14 15:01 S900swatch -> /sbin/init.d/swatch

Any suggestion would be greatly appreciated

wvsa
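
Added example, not part of any post in this thread: a start/stop helper that applies the redirection and nohup points raised above (stdin from /dev/null, output to a file, SIGHUP ignored) and stops the watcher by recorded PID instead of `ps -ef | grep swatch`, a pattern that also matches the rc script itself because its path is /sbin/init.d/swatch. The pidfile and log paths and the function names are assumptions; the swatch command line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: PIDFILE, LOGFILE,
# is_running, start_watcher, stop_watcher. Paths are placeholders.
PIDFILE=${PIDFILE:-/var/run/swatch.pid}
LOGFILE=${LOGFILE:-/var/adm/swatch.out}

# True only if the pidfile holds a numeric PID of a live process.
is_running() {
    [ -s "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    case $pid in ''|*[!0-9]*) return 1 ;; esac   # corrupt pidfile
    kill -0 "$pid" 2>/dev/null
}

# start_watcher CMD [ARGS...]: run CMD with no dependence on a terminal.
start_watcher() {
    is_running && return 0                       # already up: do nothing
    # stdin from /dev/null, output to a log, SIGHUP ignored via nohup
    nohup "$@" </dev/null >>"$LOGFILE" 2>&1 &
    echo $! >"$PIDFILE"                          # nohup execs CMD: same PID
    sleep 1
    is_running                                   # fail if it died at once
}

# stop_watcher: signal the recorded PID only, wait up to 5 s for exit.
stop_watcher() {
    is_running || { rm -f "$PIDFILE"; return 0; }
    pid=$(cat "$PIDFILE")
    kill "$pid" 2>/dev/null
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    kill -0 "$pid" 2>/dev/null && return 1       # still alive: report it
    rm -f "$PIDFILE"
}

# rc-style dispatch, using the swatch command line quoted in the thread.
case ${1:-} in
    start) start_watcher swatch -c /etc/swatch/swatch.syslog.conf \
               -t /var/adm/syslog/syslog.log ;;
    stop)  stop_watcher ;;
esac
```

The pidfile should live in a directory only root can write to, since the stop path sends a signal to whatever PID it contains.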