LinuxQuestions.org - Swatch Problem-Couldn't send email notification

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - Swatch Problem-Couldn't send email notification (https://www.linuxquestions.org/questions/linux-server-73/swatch-problem-couldnt-send-email-notification-847196/)

Swatch Problem-Couldn't send email notification

Hello everyone and Linux Guru's

Here I've sort a problem, dealing with swatch.
I wonder why my swatch configuration can't sending an email notification to my mail, which I mean to sent the output file into email.

Swatch running like a charm on my system and success to give the log files for the file that swatch monitoring..

here's my output

Code:

root@ubuntusecurity:/home/andrewraharjo# swatch -c /root/.swatchrc -t /var/log/auth.log



*** swatch version 3.2.3 (pid:6773) started at Mon Nov 29 19:33:39 WIT 2010



Nov 29 19:34:46 ubuntusecurity sudo: pam_unix(sudo:auth): authentication failure; logname=andrewraharjo uid=0 euid=0 tty=/dev/pts/2 ruser=andrewraharjo rhost=ubuntusecurity  user=andrewraharjo

Nov 29 19:35:31 ubuntusecurity sudo: andrewraharjo : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/andrewraharjo ; USER=root ; COMMAND=us

Nov 29 19:35:45 ubuntusecurity sudo: andrewraharjo : TTY=pts/2 ; PWD=/home/andrewraharjo ; USER=root ; COMMAND=/bin/su

here's my swatch configuration files

Code:

#SWATCH CONFIG FILE



watchfor = /FAILED su for root/

        echo bold

        exec echo "Subject: auth:FAILED su for root\n\n$_\n" | sendmail "andrew2raharjo@gmail.com"



watchfor /sudo:/

        echo bold

        exec echo "Subject: auth:FAILED su for root\n\n$_\n" | sendmail "andrew2raharjo@gmail.com"

        throttle 01:00



watchfor /sudo:.*command not allowed/

        exec echo "Subject: auth:FAILED su for root\n\n$_\n" | sendmail "andrew2raharjo@gmail.com"

        echo bold red

my question is;
Why I didn't get any alert message (email notification to andrew2raharjo@gmail.com) from swatch for printed log on my system ?

Please somebody help me, any suggestion, I will appreciate it...I'm totally desperate about my system. I getting confused....

Best Regards,
Andrew

Yayyy..It works...

hmm....I've seen I haven't allow my mod for my swatch logging files

so I tried to change my swatch mod, cause I'm running it with a simple bash scripting...

It appears on andrew2raharjo@gmail.com

Code:

Nov 29 19:34:46 ubuntusecurity sudo: pam_unix(sudo:auth): authentication failure; logname=authtest uid=0 euid=0 tty=/dev/pts/2 ruser=andrewraharjo rhost=ubuntusecurity  user=xxx

yes..it works for several hours, today I tried to log again the 'failed sudo' but it will not appears periodically on andrew2raharjo@gmail.com...

so what's the problem ? I didn't get the e-mail for the alerting message, even I've done 'ssh-remote' and tried to enter the wrong password on my system. I wouldn't sent another email for each error messages...

now I wonder why how to run swatch on daemon mode then log it into new file and about email alerting periodically..

Why I still can't get email message from swatch error message ? Nothing email error message in my gmail....Somebody please help...why swatch can't send error report into my gmail...??

Swatch not emailing

I'm having the same issue.

What version are you running? I've got 3.2.1 from the Ubuntu 8.04 apt repo.

Also, what MTA are you using? I've got Exim4.

I found the issue. By default, swatch sends mails with 'sendmail -oi -t -odq' That sends them straight to the queue with no attempt at delivery. It waits till the queue runner comes around. (30 minutes, by default.)