Automated System Monitoring and Notification With Swatch

摘要: This paper describes an approach to monitoring events on a large number of servers and workstations. While modern UNIX systems are capable logging variety information concerning the health status their hardware operating system software, they generally not configured do so. Even when this is logged, it often hidden in places that either monitored regularly or susceptible deletion modification by successful intruder. Also, administrator must monitor several, perhaps dozens, systems. To address these problems, our begins with certain programs enhance capabilities. In addition, calls for facilities each be such way as send copy critical security related dependable, secure, central host system. As one might expect, log can see megabyte more data single day. keep from being overwhelmed quantity we have developed easily configurable file filter/monitor, called swatch. Swatch monitors files acts filter out unwanted take user specified actions (ring bell, mail, execute script, etc.) based upon patterns log.