Problem solve Get help with specific problems with your technologies, process and projects.

Log monitoring with swatch

A tool to search log files for interesting stuff.

When you think of Swatch, you probably think of the Swiss watch company. However, for the UNIX community swatch is a venerable active log file-monitoring tool that is written as a Perl script. A variant of the watch command, swatch is both simple and feature-filled. The tool extends tail –f and grep to view records in various log files. To the capabilities of these two commands, swatch adds pattern matching and more response options.

After downloading swatch, unpacking it, and building it, the installation is straightforward. The script runs and determines which log files and capabilities are on your system, then it downloads any modules it needs to support monitoring those files. There is a manual installation, but most people accept the default. If the script doesn't complete itself, you should repeat the installation. After installation, you will find the executable file in the /usr/local/bin directory.

You'll need to create a configuration file for swatch, usually a file called .swatchrc, that is placed in a user's home directory. The distribution comes with sample uses of the command. For example, the watchfor command will find a match for a string; echo and bell show the matches on your screen and ring your bell, and mail will send a record of the match to the UID specified when swatch runs.

Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was last published in December 2003

Dig Deeper on Campus area network

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.