I just installed swatch and am running it as a daemon. I need it to monitor /var/log/snort/alert & notify me by email of any intrusions in real time. Snort is working fine and so is postfix (I checked using "mail -s" & the test email went to my remote IMAP server's inbox).
The command I use is: "swatch -c /etc/swatchrc --tail=/var/log/snort/alert --daemon"
I was viewing its output to stdout, & everything seems OK. It's detecting messages sent to the logfile as per parameters, but I'm not getting any emails. Is something wrong with my configuration? Please look & advise.
I'm using Mandrake 10.0
My /etc/swatchrc is at