Swatchdog — Tail logs, match a pattern and trigger actions
Note: this tutorial requires a configured SMTP server. If you don't have one, consider reading my article on how to configure Postfix to use Gmail as an SMTP relay:
https://medium.com/@kpatronas/ubuntu-configure-postfix-as-smtp-relay-server-using-gmail-3141a9216b83
Install swatchdog in Ubuntu
sudo apt-get install swatch
Initial configuration
In this initial configuration we will create the configuration file that matches patterns in the file /var/log/test.log. This example can be used as a template and adapted to your specific needs.
sudo mkdir /etc/swatchdog
sudo touch /etc/swatchdog/testlog_swatchdog_patterns.cfg
sudo touch /etc/systemd/system/swatchdog_testlog.service
Paste the following in /etc/systemd/system/swatchdog_testlog.service
[Unit]
Description=Swatchdog Service for test.log
After=network.target
[Service]
Type=forking
User=root
ExecStart=/usr/bin/swatchdog -c /etc/swatchdog/testlog_swatchdog_patterns.cfg -t '/var/log/test.log' --daemon
[Install]
WantedBy=multi-user.target
Creating our first rule
To create a rule we have to define a regex pattern that is matched against text appended to the file /var/log/test.log; when it matches, an email alert is sent.
Paste the following in /etc/swatchdog/testlog_swatchdog_patterns.cfg, replacing username@gmail.com with your own address
watchfor /test01/
    exec /usr/bin/mail -s "swatchdog alert - host: `hostname -s` [Pattern test01 alert]" username@gmail.com
Test the rule
To test the rule you need to append ‘test01’ to /var/log/test.log
echo "test01" | sudo tee -a /var/log/test.log
You should receive an email alert.
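A dry run of the rule above, as an added example that is not part of the original article: it extracts the watchfor patterns from a config and counts how many lines of a constructed log sample each one would alert on, showing that /test01/ is an unanchored, case-sensitive substring match. The function names, the anchored second pattern and the sample log lines are assumptions made for illustration, and grep -E stands in for swatchdog's Perl regex matching, which behaves the same only for simple patterns like these.

```shell
#!/bin/sh
# Added example: dry-run swatchdog watchfor patterns against a log sample.
# Assumption: grep -E stands in for swatchdog's Perl regex matching.

# Print the regex of every "watchfor /regex/" line in config file $1.
list_patterns() {
    sed -n 's|^[[:space:]]*watchfor[[:space:]]*/\(.*\)/[[:space:]]*$|\1|p' "$1"
}

# Count the lines of log file $2 that pattern $1 would alert on.
count_hits() {
    grep -E -c -- "$1" "$2" || true   # grep exits 1 on zero hits but still prints 0
}

# Print "<pattern> <hits>" for each pattern in config $1 against log $2.
dry_run() {
    list_patterns "$1" | while IFS= read -r pat; do
        printf '%s %s\n' "$pat" "$(count_hits "$pat" "$2")"
    done
}

# Constructed sample data in a throwaway directory (removed on exit).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# The article's rule plus a hypothetical anchored variant for comparison.
cat > "$demo_dir/patterns.cfg" <<'EOF'
watchfor /test01/
    exec /usr/bin/mail -s "swatchdog alert" username@gmail.com
watchfor /^test01$/
    exec /usr/bin/mail -s "swatchdog alert (exact line)" username@gmail.com
EOF

# Constructed log lines: only the second one is the intended test entry.
cat > "$demo_dir/test.log" <<'EOF'
service started
test01
job xtest012 finished
login failed for user "test01"
TEST01 uppercase
EOF

dry_run "$demo_dir/patterns.cfg" "$demo_dir/test.log"
```

The unanchored pattern also fires on lines where test01 appears inside other text, such as a user-supplied field, so anchor the regex when only an exact line should raise an alert.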