LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-29-2010, 06:43 AM   #1
andrapgm03
Member
 
Registered: Nov 2010
Location: Indonesia, jakarta
Distribution: Ubuntu Desktop 10.10
Posts: 32

Rep: Reputation: 0
Swatch Problem-Couldn't send email notification


Hello everyone and Linux Guru's

Here I've sort a problem, dealing with swatch.
I wonder why my swatch configuration can't sending an email notification to my mail, which I mean to sent the output file into email.

Swatch running like a charm on my system and success to give the log files for the file that swatch monitoring..

here's my output

Code:
root@ubuntusecurity:/home/andrewraharjo# swatch -c /root/.swatchrc -t /var/log/auth.log

*** swatch version 3.2.3 (pid:6773) started at Mon Nov 29 19:33:39 WIT 2010

Nov 29 19:34:46 ubuntusecurity sudo: pam_unix(sudo:auth): authentication failure; logname=andrewraharjo uid=0 euid=0 tty=/dev/pts/2 ruser=andrewraharjo rhost=ubuntusecurity  user=andrewraharjo
Nov 29 19:35:31 ubuntusecurity sudo: andrewraharjo : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/andrewraharjo ; USER=root ; COMMAND=us
Nov 29 19:35:45 ubuntusecurity sudo: andrewraharjo : TTY=pts/2 ; PWD=/home/andrewraharjo ; USER=root ; COMMAND=/bin/su
here's my swatch configuration files

Code:
#SWATCH CONFIG FILE

watchfor = /FAILED su for root/
        echo bold
        exec echo "Subject: auth:FAILED su for root\n\n$_\n" | sendmail "andrew2raharjo@gmail.com"

watchfor /sudo:/
        echo bold
        exec echo "Subject: auth:FAILED su for root\n\n$_\n" | sendmail "andrew2raharjo@gmail.com"
        throttle 01:00

watchfor /sudo:.*command not allowed/
        exec echo "Subject: auth:FAILED su for root\n\n$_\n" | sendmail "andrew2raharjo@gmail.com"
        echo bold red
my question is;
Why I didn't get any alert message (email notification to andrew2raharjo@gmail.com) from swatch for printed log on my system ?

Please somebody help me, any suggestion, I will appreciate it...I'm totally desperate about my system. I getting confused....

Best Regards,
Andrew
 
Old 11-29-2010, 06:46 AM   #2
andrapgm03
Member
 
Registered: Nov 2010
Location: Indonesia, jakarta
Distribution: Ubuntu Desktop 10.10
Posts: 32

Original Poster
Rep: Reputation: 0
Yayyy..It works...

hmm....I've seen I haven't allow my mod for my swatch logging files

so I tried to change my swatch mod, cause I'm running it with a simple bash scripting...

It appears on andrew2raharjo@gmail.com

Code:
Nov 29 19:34:46 ubuntusecurity sudo: pam_unix(sudo:auth): authentication failure; logname=authtest uid=0 euid=0 tty=/dev/pts/2 ruser=andrewraharjo rhost=ubuntusecurity  user=xxx
yes..it works for several hours, today I tried to log again the 'failed sudo' but it will not appears periodically on andrew2raharjo@gmail.com...

so what's the problem ? I didn't get the e-mail for the alerting message, even I've done 'ssh-remote' and tried to enter the wrong password on my system. I wouldn't sent another email for each error messages...

now I wonder why how to run swatch on daemon mode then log it into new file and about email alerting periodically..

Last edited by andrapgm03; 11-30-2010 at 07:13 AM.
 
Old 01-02-2011, 02:38 AM   #3
andrapgm03
Member
 
Registered: Nov 2010
Location: Indonesia, jakarta
Distribution: Ubuntu Desktop 10.10
Posts: 32

Original Poster
Rep: Reputation: 0
Why I still can't get email message from swatch error message ? Nothing email error message in my gmail....Somebody please help...why swatch can't send error report into my gmail...??

Last edited by andrapgm03; 01-02-2011 at 02:52 AM.
 
Old 02-03-2011, 10:21 AM   #4
beaknit
LQ Newbie
 
Registered: Sep 2008
Posts: 4

Rep: Reputation: 0
Swatch not emailing

I'm having the same issue.

What version are you running? I've got 3.2.1 from the Ubuntu 8.04 apt repo.
 
Old 02-03-2011, 10:51 AM   #5
beaknit
LQ Newbie
 
Registered: Sep 2008
Posts: 4

Rep: Reputation: 0
Also, what MTA are you using? I've got Exim4.
 
Old 02-03-2011, 12:17 PM   #6
beaknit
LQ Newbie
 
Registered: Sep 2008
Posts: 4

Rep: Reputation: 0
I found the issue. By default, swatch sends mails with 'sendmail -oi -t -odq' That sends them straight to the queue with no attempt at delivery. It waits till the queue runner comes around. (30 minutes, by default.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem with send email using fetchmail ssilayaraja Linux - Networking 5 04-09-2008 04:55 AM
swatch daemon is unable to send emails hari_seldon99 Linux - Software 2 12-18-2005 04:55 PM
problem with email notification of new posts titanium_geek LQ Suggestions & Feedback 6 06-15-2005 04:14 PM
how to make a C program send email notification/alerts? eigenyeugen Programming 1 01-04-2005 08:16 PM
problem to send email... os2 Linux - Software 1 09-10-2004 03:15 PM


All times are GMT -5. The time now is 12:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration