Diffstat (limited to 'testing/swatch/swatchrc')
-rw-r--r-- | testing/swatch/swatchrc | 103 |
1 files changed, 0 insertions, 103 deletions
diff --git a/testing/swatch/swatchrc b/testing/swatch/swatchrc
deleted file mode 100644
index 3ea2615a9..000000000
--- a/testing/swatch/swatchrc
+++ /dev/null
@@ -1,103 +0,0 @@
-###############################################################################
-### Swatch example config
-#
-# The configuration file is used by the swatch(8) program to determine what
-# types of expression patterns to look for and what type of action(s) should be
-# taken when a pattern is matched.
-# Each line should contain a keyword and a, sometimes optional, value for that
-# keyword. The keyword and value are separated by a space or an equal (=) sign.
-#
-# watchfor regex
-# ignore regex
-#
-# echo [modes]
-# Echo the matched line. The text mode may be normal, bold, underscore,
-# blink, inverse, black, red, green, yellow, blue, magenta, cyan, white,
-# black_h, red_h, green_h, yellow_h, blue_h, magenta_h, cyan_h,
-# and/or white_h. The _h colors specify a highlighting color. The other
-# colors are assigned to the letters. Some modes may not work on some
-# terminals. Normal is the default.
-# bell [N]
-# Echo the matched line, and send a bell N times (default = 1).
-# exec command
-# Execute command. The command may contain variables which are substituted
-# with fields from the matched line. A $N will be replaced by the Nth field
-# in the line. A $0 or $* will be replaced by the entire line.
-# mail [addresses=address:address:...][,subject=your_text_here]
-# Send mail to address(es) containing the matched lines as they appear
-# (default address is the user who is running the program).
-# pipe command[,keep_open]
-# Pipe matched lines into command. Use the keep_open option to force the
-# pipe to stay open until a different pipe action is run or until swatch
-# exits.
-# write [user:user:...]
-# Use write(1) to send matched lines to user(s).
-# threshold track_by=key, type=<limit|threshold|both, count=number, seconds=number>
-# Thresholding can be done for the complete watchfor block and/or for
-# individual actions. Add ``threshold=on'' as an option along with the other
-# threshold options when thresholding an individual action.
-# track_by
-# The value of this should be something that is unique to the
-# watchfor regular expression. Tip: enclose unique parts of the
-# regular expression in parentheses, then use the sub matches as
-# part of the value (e.g. track_by=``$2:$4'').
-# type
-# There are three types of thresholding. They are as follows:
-# limit
-# Perform action(s) for the first "count`` matches during
-# the time interval specified by ''seconds", then ignore
-# events for the rest of the time interval (kind of like
-# throttle)
-# threshold
-# Perform action(s) on each match for up to count matches
-# during the time interval specified by seconds
-# both
-# Perform actions(s) once per time interval after "count``
-# matches occur, then ignore additional matches during the
-# time interval specified by ''seconds"
-# continue
-# Use this action to cause swatch to continue to try to match other
-# pattern/action groups after it is done with the current pattern/action
-# block.
-# quit
-# Use this action to cause swatch to clean up and quit immediately.
-###############################################################################
-
-## Successful SSH Login Attempts
-watchfor /sshd.*(: [aA]ccepted)(.*)( from )(.*)( port .*)$/
- threshold track_by=$4,type=limit,count=1,seconds=60
- echo bold green
- #mail='receiver@foo.bar',SUBJECT=sshd: Accepted connection,MAILER=sendmail -t -S smtp.foo.bar -f sender\@foo.bar
-
-## Invalid SSH Login Attempts
-watchfor /sshd.*(: [iI]nvalid [uU]ser )(.*)( from )(.*)$/
- threshold track_by=$4,type=both,count=3,seconds=60
- echo bold red
-
-## Failed SSH Login Attempts
-watchfor /sshd.*(: [fF]ailed password for )(.*)( from )(.*)( port )(.*)$/
- threshold track_by=$4,type=both,count=3,seconds=60
- echo bold red
-
-## Failed SSH Login Attempts
-watchfor /([aA]uthentication [fF]ailure for [iI]llegal [uU]ser )(.*)( from )(.*)$/
- threshold track_by=$4,type=both,count)3,seconds=60
- echo bold red
-
-
-## Invalid sudo commands
-watchfor /sudo:.*[Cc]ommand not allowed/
- echo bold red
-
-## File system full
-watchfor /file system full/
- echo bold blue
-
-## System crashes and halts
-watchfor /(panic|halt)/
- echo bold red
-
-## File system errors
-watchfor /[Mm]edia [Ee]rror/
- echo bold yellow
- |