[suggest] request swatch 3.2.3 upgrade

arnebjarne72 at hotmail.com arnebjarne72 at hotmail.com
Tue Jun 9 23:34:29 CEST 2009


Hi RPMforge.

The swatch package in RPMforge does not seem to run correctly on my CentOS 5 
servers.
I upgraded it to 3.2.3 and then it worked.

So, here's a diff against the version in RPMforge to bump it up to release 3.2.3

swatch.patch:
--- swatch.spec 2008-01-24 04:07:36.000000000 +0100
+++ swatch-3.2.3.spec   2009-06-08 13:46:33.000000000 +0200
@@ -1,3 +1,6 @@
+# disable creation of *-debuginfo-*.rpm
+%define debug_package %{nil}
+
 # $Id: swatch.spec 5853 2007-09-20 09:26:51Z dries $
 # Authority: dag

@@ -6,13 +9,16 @@

 Summary: Tool for actively monitoring log files.
 Name: swatch
-Version: 3.1.1
-Release: 1.%{releasetagsuffix}
+Version: 3.2.3
+Release: 1%{dist}
 License: GPL
 Group: Applications/File
 URL: http://swatch.sourceforge.net/

 Source: http://dl.sf.net/swatch/swatch-%{version}.tar.gz
+Source1: swatch-logrotate
+Source2: swatch-rcinitd
+Source3: swatch-example.conf
 Packager: Dag Wieers <dag at wieers.com>
 Vendor: Dries RPM Repository http://dries.ulyssis.org/rpm/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -20,6 +26,8 @@
 BuildArch: noarch
 BuildRequires: perl, perl(Date::Calc), perl(Date::Format)
 BuildRequires: perl(File::Tail), perl(Time::HiRes), 
perl(ExtUtils::MakeMaker)
+BuildRequires: perl(Date::Manip)
+Requires:  %{_sysconfdir}/logrotate.d

 %description
 The Simple WATCHer is an automated monitoring tool that is capable
@@ -43,19 +51,60 @@
 ### Clean up buildroot
 %{__rm} -rf %{buildroot}%{perl_archlib}

+%{__mkdir_p} %{buildroot}%{_initrddir}
+%{__install} -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name}
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/logrotate.d
+%{__install} -m 644 %{SOURCE1} 
%{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/swatch
+%{__install} -m 644 %{SOURCE3} 
%{buildroot}%{_sysconfdir}/%{name}/swatch.conf
+
 %clean
 %{__rm} -rf %{buildroot}

+%pre
+/usr/sbin/groupadd -r logreaders &>/dev/null || :
+/usr/sbin/groupadd -r swatch &>/dev/null || :
+/usr/sbin/useradd   -r -s /bin/bash -M -c 'Swatch user' \
+          -d /var/lib/swatch -g swatch swatch &>/dev/null || :
+/usr/sbin/usermod -G logreaders -a swatch &>/dev/null || :
+
+%post
+if [ $1 = 1 ]; then
+    /sbin/chkconfig --add swatch
+    /bin/touch /var/log/swatch.log
+    %{__chmod} 0755 /var/log/swatch.log
+    %{__chown} swatch.swatch /var/log/swatch.log
+    /bin/touch /var/log/swatch-err.log
+    %{__chmod} 0755 /var/log/swatch-err.log
+    %{__chown}  swatch.swatch /var/log/swatch-err.log
+fi
+
+%preun
+if [ $1 = 0 ]; then
+    /sbin/chkconfig --del swatch
+    /usr/sbin/groupdel logreaders
+    /usr/sbin/userdel swatch
+fi
+
+
+
 %files
 %defattr(-, root, root, 0755)
 %doc CHANGES COPYING COPYRIGHT KNOWN_BUGS README examples/ tools/
 %doc %{_mandir}/man?/*
+%{_initrddir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/swatch.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %{_bindir}/swatch
 %{perl_vendorlib}/Swatch/
 %{perl_vendorlib}/auto/Swatch/
 %exclude %{perl_vendorarch}

 %changelog
+* Mon Jun 08 2009 Bjarne Saltbaek <arnebjarne72 at hotmail.com> - 3.2.3
+- Updated to release 3.2.3.
+- Added init script and logrotate script.
+
 * Sat Apr 22 2006 Dries Verachtert <dries at ulyssis.org> - 3.1.1-1 #5853
 - Updated to release 3.1.1.



and
swatch-logrotate:
# logrotate policy for the swatch logs: rotate daily, keep seven compressed
# generations, and recreate the live file owned by swatch:swatch.
# NOTE(review): there is no postrotate or copytruncate step; a running swatch
# presumably keeps its redirected output on the rotated file - confirm.
/var/log/swatch*.log  {
        daily
        # NOTE(review): 0755 makes the recreated log world-readable and sets the
        # execute bits, which a log file does not need; 0640 would be tighter.
        create 0755 swatch swatch
        rotate 7
        compress
}


and
swatch-rcinitd:
#!/bin/bash
#
# swatch Starts swatch.
#
# SysV init script: defines the paths used by the start/stop/status functions
# below and refuses to run when the swatch binary is not installed.
#
#
# chkconfig: 2345 12 88
# description: $prog is an network monitoring program
### BEGIN INIT INFO
# Provides: $swatch
### END INIT INFO
# NOTE(review): the two header blocks above are read by chkconfig/LSB tools as
# plain text, so "$prog" is not expanded there; names starting with "$" in
# Provides are normally reserved for system facilities - confirm "swatch" was
# meant.

# Source function library.
. /etc/init.d/functions

# Check for missing binaries (stale symlinks should not happen)
# Exit status 5 is the LSB code for "program is not installed".
SWATCH_BIN=/usr/bin/swatch
test -x $SWATCH_BIN || exit 5

# Rule file passed to swatch with --config-file.
SWATCH_CONFIG=/etc/swatch/swatch.conf

# PID file passed to swatch with --pid-file and read back by stop/status.
SWATCH_PID=/var/run/swatch.pid

# Log file to be (s)watched
# The placeholder below must be replaced with a single path before the script
# is installed. As written it is not a plain assignment: the shell takes the
# words after the first space as a command to run.
FILE=[REPLACE WITH FILE TO BE MONITORED]

# RETVAL carries the status of the last start/stop; prog is the display name.
RETVAL=0
prog="swatch"

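#######################################
# Launch swatch as a daemon under the unprivileged "swatch" account.
# Globals:   SWATCH_BIN, SWATCH_CONFIG, SWATCH_PID, FILE, prog (read)
#            RETVAL (written)
# Outputs:   progress on stdout, precondition failures on stderr
# Returns:   exit status of the su/swatch launch
# Exits:     6 if the rule file or the watched log is missing,
#            1 if a PID file already exists
#######################################
start() {
        local launch

        # check if the swatch conf file is present
        if [ ! -f "$SWATCH_CONFIG" ]; then
            echo "Configuration file $SWATCH_CONFIG missing" 1>&2
            exit 6
        fi

        # check if the log file is present
        if [ ! -f "$FILE" ]; then
            echo "Log file $FILE missing" 1>&2
            exit 6
        fi

        if [ -f "$SWATCH_PID" ]; then
            echo  "Swatch already started."
            exit 1
        fi

        echo $"Starting $prog"
        # The PID file is created here and handed to the swatch account so
        # the daemon can write its pid into it.
        # NOTE(review): the file's content is then controlled by that account;
        # anything root later does with it should validate the value first.
        touch "$SWATCH_PID"
        chown swatch:swatch "$SWATCH_PID"

        # The command string is parsed a second time by the shell that su
        # starts, so every path is shell-quoted with %q instead of being
        # pasted in raw.
        printf -v launch '%q --config-file=%q --tail-file=%q --tail-args=-F --awk-field-syntax --pid-file=%q --daemon >> /var/log/swatch.log 2>> /var/log/swatch-err.log' \
            "$SWATCH_BIN" "$SWATCH_CONFIG" "$FILE" "$SWATCH_PID"
        /bin/su - swatch -c "$launch"
        RETVAL=$?

        # A failed launch must not leave the empty PID file behind: it would
        # make the next start report "already started".
        [ $RETVAL -eq 0 ] || rm -f "$SWATCH_PID"
        echo
        return $RETVAL
}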
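#######################################
# Stop the daemon whose pid is recorded in the PID file.
# Globals:   SWATCH_PID, prog (read); RETVAL (written)
# Outputs:   progress on stdout, problems on stderr
# Returns:   0 if the signal was delivered (the PID file is then removed),
#            non-zero if the PID file is missing or unusable or kill failed
#######################################
stop() {
        local pid

        echo $"Shutting down $prog"
        pid=$(cat -- "$SWATCH_PID" 2>/dev/null)

        # The PID file is owned by the swatch account while this function
        # runs as root, so only a plain positive process id is accepted;
        # anything else never reaches kill.
        # NOTE(review): this does not confirm that the pid still belongs to
        # swatch.
        if [[ $pid =~ ^[1-9][0-9]*$ ]]; then
            kill "$pid"
            RETVAL=$?
            [ $RETVAL -eq 0 ] && rm -f "$SWATCH_PID"
        else
            echo "No usable process id in $SWATCH_PID" 1>&2
            RETVAL=1
        fi
        echo
        return $RETVAL
}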
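#######################################
# Report whether the daemon recorded in the PID file is alive.
# Globals:   SWATCH_PID (read)
# Outputs:   one status line on stdout
# Returns:   0 when running or stopped
# Exits:     1 when a PID file exists but no such process is running
#######################################
rhstatus() {
        local pid

        if [ ! -f "$SWATCH_PID" ]; then
            echo "swatch is stopped"
            return 0
        fi

        pid=$(cat -- "$SWATCH_PID")
        # Only a plain positive number is handed to ps; an empty or malformed
        # PID file is reported the same way as a dead process.
        if [[ $pid =~ ^[1-9][0-9]*$ ]] && ps -p "$pid" > /dev/null; then
            echo "swatch (pid $pid) is running..."
        else
            echo "swatch appears dead, but a pid file exists"
            exit 1
        fi
}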
# Stop the daemon and start it again. start runs even when stop fails, and
# the function's status is whatever start returns.
restart() {
        stop; start
}
# Reload is a no-op for swatch: print a notice followed by a blank line.
# Globals: prog (read)
reload() {
        printf '%s\n\n' $"$prog does not need reloading"
}
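# Dispatch on the action given as the first argument; the script's exit
# status is the status of the action that ran.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        rhstatus
        ;;
  restart)
        restart
        ;;
  reload)
        reload
        ;;
  condrestart)
        # Conditional restart: only touch the service when a PID file shows
        # it had been started. Previously this action was accepted but did
        # nothing at all.
        if [ -f "$SWATCH_PID" ]; then
            restart
        fi
        ;;
  *)
        # reload is handled above, so it is listed in the usage text as well.
        echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
        exit 1
        ;;
esac

exit $?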


and
swatch-example.conf:
# Example swatch rules. Each rule matches an sshd failure line, throttles on
# the fourth capture group, mails the admin, and appends an iptables DROP rule
# for that capture.
#
# NOTE(review): $4 is whatever the unconstrained (.*) group captured from the
# log line, and it is placed into the exec command line unchanged. Log text is
# written on behalf of remote clients, so the capture should be narrowed to an
# address pattern (for IPv4, something like ([0-9]{1,3}(\.[0-9]{1,3}){3}))
# before it is handed to iptables.
# NOTE(review): the init script in this package starts swatch as the
# unprivileged swatch user; iptables normally needs root, so these exec lines
# presumably fail as shipped unless privileges are granted another way -
# confirm.
# NOTE(review): the swatch_rejects chain is not created by anything shown
# here; it has to exist and be reachable from INPUT for the DROP to apply.
# NOTE(review): the mail lines and the third watchfor line appear to have been
# wrapped by the mail client; rejoin them before use.

# Invalid SSH Login Attempts
watchfor /(: [iI]nvalid [uU]ser )(.*)( from )(.*)$/
        throttle threshold=3,delay=0:1:0,key=$4
        mail addresses=admin\@domain.com,subject="SSH:\ Invalid\ User\ 
Access-IPTables\ Rule\ Added"
        exec "/sbin/iptables -A swatch_rejects -s $4 -j DROP"

# Failed SSH Login Attempts
watchfor /(: [fF]ailed password for )(.*)( from )(.*)( port )(.*)$/
        throttle threshold=3,delay=0:1:0,key=$4
        mail addresses=admin\@domain.com,subject="SSH:\ Invalid\ User\ 
Access-IPTables\ Rule\ Added"
        exec "/sbin/iptables -A swatch_rejects -s $4 -j DROP"

# Invalid SSH Login Attempts. Another one - just formed differently
watchfor /([aA]uthentication [fF]ailure for [iI]llegal [uU]ser )(.*)( 
from )(.*)$/
        throttle threshold=3,delay=0:1:0,key=$4
        mail addresses=admin\@domain.com,subject="SSH:\ Invalid\ User\ 
Access-IPTables\ Rule\ Added"
        exec "/sbin/iptables -A swatch_rejects -s $4 -j DROP"
 



