[Logwatch] Logwatch on Windows

Phil Bettinson phil.bettinson at llgc.org.uk
Tue Aug 23 01:53:30 MST 2005

Having read the discussion on this, maybe what you're looking for is 
something like SWATCH, which watches a logfile for X behaviour, then 
runs X script. It runs as a service on linux, and does seem to work 
quite well (once it's set up correctly). How it will run on Windows is 
beyond me.

On another note, wouldn't you rather something that read the EventViewer?

System Administrator, National Library of Wales

oh, ps. I seem to be missing messages from the mailing list.. is it me?

logwatch at mikecappella.com wrote:

>>Argh you made me rethink my assumptions and try to recall 
>>where I was last Friday when they dumped this in my lap.
>>Grep was my first tool.  And it works well.  But.
>>Maybe I don't know how to use grep.  I want to scan the DHCP 
>>logs on an aggressive schedule, the idea is to catch a print 
>>server as it obtains a new address* and minimize downtime.  
>>At a first guess if I make a pass every five minutes through 
>>the DHCP logs will work.
>>So I can grep the log but grep by itself won't tell me when 
>>the last time device x obtained that IP or if that hit just 
>>returned is the same one I saw last time.  This is what 
>>logwatch does, yes?  "Scan this file every 5 minutes and if 
>>this hit is new do action X".
> Grep filters lines from an input stream that match a Regular Expression.
> You write an RE that suits your needs, and you run grep as often as you want
> to find lines you are looking for.  To get the first, or last, lines that
> you require, or the Nth (or whatever), pipe the output of grep to either
> head -1, or tail -1, or whatever filter program you want to do the job.
> Logwatch does not sit and watch logs, which is what I'm perceiving you think
> it does.  Rather, it is a number of perl scripts which perform regular
> expression matches on various logfiles.  In other words, it's just like grep,
> but with lots more processing and smarts.  You simply don't need to run such
> a heavy-weighted tool when 95% of what it does is not useful to you.  Logwatch is
> run periodically, say once or twice per day.  It is used to look for
> anomalies and other tidbits by filtering out normal behavior.
>>I confess that I stopped using logwatch when (two years ago) 
>>we turned on a snazzy (expensive) scheduler/alert server - I 
>>could be wrong.
> Again, logwatch is not by itself an alerter, and is not the most efficient
> mechanism for such a task anyway (as it rereads and processes lines in the
> log files each and every run vs. an alerter which can keep a file open for
> continuous reading for file appends).
>>Further thought - I could grep for MAC address X  compare the 
>>old with new IP and change if they don't match.  That would work.
> It sounds like you really want a perl or awk script, since you want to a)
> match an RE, b) perform a little text manipulation.  This should be
> relatively straightforward and simple given your requirements.  It would
> basically:
>   match MAC address in logfile
>     strip out unwanted text, leaving timestamp and/or IP address
>     perform some action (like calling another script to do your updates)
> Hope this helps,
> -m
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/lists/listinfo/logwatch
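The match / strip / act pipeline that -m sketches above, worked through as an added shell example that is not from the thread: it assumes the Windows DHCP server's CSV audit-log layout (ID,Date,Time,Description,IP Address,Host Name,MAC Address), uses a constructed sample log, and keeps the last-seen IP in a small state file so a scheduled five-minute pass only reports a new or changed address instead of re-alerting on every run.

```shell
#!/bin/sh
# Added example, not from the thread: find the address a MAC last obtained
# from the DHCP log, compare it with the previous run, and act only on change.

# Constructed sample log in the Windows DHCP audit-log CSV layout (assumed):
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG='10,08/22/05,09:15:02,Assign,192.168.1.50,PRINTER01,001122334455
11,08/22/05,09:16:10,Assign,192.168.1.77,LAPTOP07,AABBCCDDEEFF
10,08/22/05,14:02:33,Assign,192.168.1.61,PRINTER01,001122334455
11,08/22/05,14:05:00,Renew,192.168.1.77,LAPTOP07,AABBCCDDEEFF'

# Steps 1+2: match the MAC, strip everything but the IP column, keep the last hit.
# last_ip_for_mac LOGFILE MAC  -> prints the most recent IP (nothing if unseen)
last_ip_for_mac() {
    awk -F, -v mac="$2" '
        ($4 == "Assign" || $4 == "Renew") && toupper($7) == toupper(mac) { ip = $5 }
        END { if (ip != "") print ip }' "$1"
}

# Step 3: decide whether this hit is new. The state file holds the IP seen on
# the previous run, so repeated five-minute passes stay quiet until it changes.
# check_mac LOGFILE MAC STATEFILE -> prints NOTSEEN | NEW ip | SAME ip | CHANGED old new
# Exit status 0 means "take action" (NEW or CHANGED).
check_mac() {
    log="$1"; mac="$2"; state="$3"
    new=$(last_ip_for_mac "$log" "$mac")
    [ -n "$new" ] || { echo NOTSEEN; return 1; }
    old=""
    [ -f "$state" ] && old=$(cat "$state")
    printf '%s\n' "$new" > "$state"
    if [ -z "$old" ]; then echo "NEW $new"; return 0; fi
    if [ "$old" != "$new" ]; then echo "CHANGED $old $new"; return 0; fi
    echo "SAME $new"; return 1
}

# Demo run: a first pass with no state file reports the printer's current lease.
# Replace the echo with whatever updates your print-server records.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" > "$demo_dir/DhcpSrvLog.csv"
result=$(check_mac "$demo_dir/DhcpSrvLog.csv" 001122334455 "$demo_dir/state.printer01")
case "$result" in
    NEW*|CHANGED*) echo "action needed: $result" ;;   # prints "action needed: NEW 192.168.1.61"
    *)             echo "no change: $result" ;;
esac
rm -rf "$demo_dir"
```

Point the script at the live log and state file from a scheduled task, and every run after the first is silent until the MAC appears with a different address.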
