Swatchdog — Tail logs, match a pattern and trigger actions

Note: this tutorial requires a configured SMTP server. If you don't have one, consider reading my article on how to configure Postfix to use Gmail as an SMTP relay.

Install swatchdog on Ubuntu

sudo apt-get install swatch

Initial configuration

In this initial configuration we create the configuration file that holds the patterns to match in /var/log/test.log, along with a systemd unit that runs swatchdog against that file. Use this example as a template and adapt it to your needs.

sudo mkdir /etc/swatchdog
sudo touch /etc/swatchdog/testlog_swatchdog_patterns.cfg
sudo touch /etc/systemd/system/swatchdog_testlog.service

Paste the following in /etc/systemd/system/swatchdog_testlog.service

[Unit]
Description=Swatchdog Service for test.log
[Service]
Type=forking
ExecStart=/usr/bin/swatchdog -c /etc/swatchdog/testlog_swatchdog_patterns.cfg -t '/var/log/test.log' --daemon

Creating our first rule

To create a rule, define a regex pattern that is matched against each line appended to /var/log/test.log. When a line matches, an email alert is sent.

Paste the following in /etc/swatchdog/testlog_swatchdog_patterns.cfg, replace

watchfor /test01/
exec /usr/bin/mail -s "swatchdog alert - host: `hostname -s` [Pattern test01 alert]"
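Because every match sends mail, it is worth checking a pattern against labelled sample lines before deploying it. The script below is an added example, not part of the original tutorial: the fixture lines, the function names and the bounded pattern are constructed for illustration, and grep -E stands in for swatchdog's Perl regex matching (an assumption that holds for simple patterns like these).

```shell
#!/bin/sh
# Added example: check a watchfor regex against labelled sample lines before
# it goes into /etc/swatchdog/testlog_swatchdog_patterns.cfg.
# Assumption: grep -E stands in for swatchdog's Perl regex matching.

# Constructed fixture, one "<expected>|<log line>" per row:
# "alert" = the rule should fire, "quiet" = it should stay silent.
fixture() {
    cat <<'EOF'
alert|Jan  1 00:00:01 host app: test01
alert|Jan  1 00:00:02 host app: status=test01;
quiet|Jan  1 00:00:03 host app: contest01 started
quiet|Jan  1 00:00:04 host app: test012 ok
quiet|Jan  1 00:00:05 host app: heartbeat
EOF
}

# count_mismatches REGEX
# Prints the number of fixture rows where the regex disagrees with the label;
# the details of each disagreement go to stderr.
count_mismatches() {
    regex=$1
    bad=0
    while IFS='|' read -r expected line; do
        if printf '%s\n' "$line" | grep -Eq -- "$regex"; then
            actual=alert
        else
            actual=quiet
        fi
        if [ "$actual" != "$expected" ]; then
            bad=$((bad + 1))
            echo "mismatch: expected=$expected actual=$actual: $line" >&2
        fi
    done <<EOF
$(fixture)
EOF
    echo "$bad"
}

# The tutorial's unanchored pattern also fires on "contest01" and "test012".
echo "test01  -> $(count_mismatches 'test01' 2>/dev/null) mismatches"
# Bounded variant: test01 must not touch a letter, digit or underscore.
BOUNDED='(^|[^[:alnum:]_])test01([^[:alnum:]_]|$)'
echo "bounded -> $(count_mismatches "$BOUNDED" 2>/dev/null) mismatches"
```

Drop the `2>/dev/null` to see which sample lines a pattern gets wrong.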

Test the rule

To test the rule, append ‘test01’ to /var/log/test.log

# The >> redirection is performed by your own shell, not by sudo, so append through tee
echo "test01" | sudo tee -a /var/log/test.log

You should receive an email alert.


