Though limited in its abilities, Swatch is a powerful tool to run alongside other security products to proactively monitor system logs. It gives systems administrators solid log-monitoring options: it is well suited to spotting SSH attacks or denial-of-service attempts on Linux servers, and it alerts admins about trouble before it's too late. Swatch stands for "simple watcher" or "syslog watcher", depending on whom you ask. Either way, it is a helpful program that does your log-watching for you and alerts you only when the things you are specifically looking for get logged. Swatch is a Perl program that regularly sweeps the main log files for keywords that you define. It can be run in two ways: in the background as a daemon that tails a log file as it grows, or as a cron job that examines a file in a single pass. You can configure Swatch to notify you of any events in the messages or syslog files that might indicate a security problem.

However, Swatch can also be used to flag just about any kind of activity: a certain program being used, a certain user logging in, or anything else that might appear in a log file. It can even be configured to watch application-specific log files instead of the general system logs it watches by default. It is a Unix/Linux tool that monitors log files as they are being written and takes the configured action whenever it finds something it has been told to look for, so it can proactively scan logs in real time for suspicious activity, error messages or specific keywords. Swatch started out as a simple watchdog for actively monitoring the log files produced by UNIX's syslog facility; since then it has evolved into a utility that can monitor just about any type of log. It is a command-line utility, started by issuing the swatch command followed by the desired options. Certain logged events have great significance from a security standpoint, and the default items that Swatch looks for are a good start:

Bad logins: the words Invalid, Repeated, or Incomplete appear in the messages file.
System crashes: the words panic or halt appear in the log files.
System reboots: the banner of your OS appears in the log files; it should do so only when you reboot.

Before you can run Swatch, two things need to be in place:
1. Swatch needs a reasonably current Perl; if you have a fairly new installation of Linux or BSD, you should already have a sufficiently current version. Swatch also requires several Perl modules in order to function correctly. You must first install CPAN and then download each module via the CPAN console. While installing these modules, you may be prompted to install additional modules that they depend on.
2. The configuration step of the Swatch build (perl Makefile.PL) will tell you if any required modules are missing. Use the following command to make sure a required Perl module is installed: cpan -i module-name
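The default criteria and the daemon-versus-cron discussion above describe rules but never show one firing. The following is an added example, not code from the article or from the Swatch project: it re-implements Swatch's watchfor matching in Python (one regex per rule, first match wins, optional throttling) and runs it over constructed syslog lines so the behaviour can be seen without a running syslog. The equivalent swatchrc rules are given in the block's docstring. The host name web1, the process IDs, the IP addresses and the one-minute throttle window are assumptions made for illustration.

```python
"""Swatch-style "watchfor" matching run over constructed log lines.

Added example, not the article's or Swatch's own code.  The same rules in
Swatch's configuration syntax (swatchrc) would be, most specific first,
because Swatch stops at the first block that matches a line:

    watchfor /sshd\[\d+\]: Failed password for/      # ssh password failures
        throttle 00:01:00                             # see swatch(1) for its key= option
        mail addresses=root,subject="swatch: ssh failures"
    watchfor /Invalid|Repeated|Incomplete/            # bad logins (article default)
        echo bold
        mail addresses=root,subject="swatch: bad login"
    watchfor /panic|halt/                             # system crashes (article default)
        echo red
        bell 3
    watchfor /Linux version/                          # kernel banner: only at boot
        echo

Started against the live file with, for example:
    swatch --config-file=/etc/swatchrc --tail-file=/var/log/auth.log --daemon
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Syslog lines start with "Mon DD HH:MM:SS"; only the clock is needed here.
SYSLOG_TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} (\d\d):(\d\d):(\d\d) ")


def seconds_of_day(line: str) -> int:
    """Seconds since midnight from the timestamp at the start of a syslog line."""
    m = SYSLOG_TS.match(line)
    if m is None:
        raise ValueError(f"not a syslog line: {line!r}")
    h, mi, s = (int(x) for x in m.groups())
    return h * 3600 + mi * 60 + s


@dataclass
class Rule:
    """One watchfor block: a label for the alert, the regex, optional throttle."""
    name: str
    pattern: re.Pattern
    throttle_s: int = 0                       # 0 = fire on every match
    last_fired: Optional[int] = field(default=None, repr=False)
    suppressed: int = 0                       # matches swallowed by the throttle window


def run_rules(rules: list[Rule], lines: list[str]) -> list[str]:
    """Feed lines through the rules in order and return the alerts that fire.

    Throttling is a simplification of Swatch's: the first match fires, later
    matches inside throttle_s seconds are counted silently, and the next match
    after the window fires again and reports how many were swallowed.
    """
    alerts: list[str] = []
    for line in lines:
        now = seconds_of_day(line)
        for rule in rules:
            if rule.pattern.search(line) is None:
                continue
            in_window = (rule.throttle_s > 0 and rule.last_fired is not None
                         and now - rule.last_fired < rule.throttle_s)
            if in_window:
                rule.suppressed += 1
            else:
                note = f" ({rule.suppressed} similar suppressed)" if rule.suppressed else ""
                alerts.append(f"[{rule.name}]{note} {line}")
                rule.last_fired = now
                rule.suppressed = 0
            break                             # first matching rule handles the line
    return alerts


def default_rules() -> list[Rule]:
    """The article's three default criteria with an ssh rule in front of them."""
    return [
        Rule("ssh-failed-password", re.compile(r"sshd\[\d+\]: Failed password for"), throttle_s=60),
        Rule("bad-login", re.compile(r"Invalid|Repeated|Incomplete")),
        Rule("crash", re.compile(r"panic|halt")),   # bare words as in the article; tune if noisy
        Rule("reboot", re.compile(r"Linux version")),
    ]


# Constructed sample: a boot, a normal login, a short ssh brute-force burst,
# routine cron noise and a kernel panic.  Host, PIDs and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 kernel: Linux version 5.15.0 (buildd@lgw01) (gcc 11.4.0)
Mar  3 10:15:04 web1 sshd[2201]: Accepted publickey for ops from 198.51.100.5 port 52110 ssh2
Mar  3 10:16:10 web1 sshd[2230]: Invalid user admin from 203.0.113.7 port 41022
Mar  3 10:16:11 web1 sshd[2230]: Failed password for invalid user admin from 203.0.113.7 port 41022 ssh2
Mar  3 10:16:12 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 41030 ssh2
Mar  3 10:16:13 web1 sshd[2232]: Failed password for root from 203.0.113.7 port 41034 ssh2
Mar  3 10:17:20 web1 sshd[2240]: Failed password for root from 203.0.113.7 port 41090 ssh2
Mar  3 10:30:00 web1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:41:55 web1 kernel: Kernel panic - not syncing: Fatal exception
"""


def alerts_for_sample() -> list[str]:
    """Fresh rule state each call, so the result is reproducible."""
    return run_rules(default_rules(), SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in alerts_for_sample():
        print(alert)
```

Run directly, the script prints five alerts: the boot banner, the Invalid-user line, the first Failed-password line, a second ssh alert a minute later reporting the two attempts swallowed in between, and the kernel panic. The "Accepted publickey" and cron lines stay silent. Note that the article's "Invalid" criterion is case-sensitive, so the lowercase "invalid user" inside the Failed-password lines is caught by the ssh rule, not the bad-login one; this is why rule order matters in a swatchrc.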