Swatchdog - Simple Log File Watcher in Real Time in Linux


Swatchdog (Simple WATCH DOG) is a simple Perl script for monitoring active log files on Unix-like systems such as Linux. It watches your logs based on regular expressions that you define in a configuration file, and it runs either from the command line or in the background, detached from any terminal, using its daemon mode option.

Note that the program was originally called swatch ("Simple Watcher"), but a request from the older Swiss watch company of the same name to rename it led the developer to change the name to swatchdog.

Importantly, swatchdog grew out of a script for watching the logs produced by Unix's syslog facility, and it can monitor almost any kind of log.

How to Install Swatch in Linux

The swatchdog package is available from the default repositories of the mainstream Linux distributions under the package name "swatch"; install it with your package manager as shown.

$ sudo apt install swatch	[On Ubuntu/Debian]
$ sudo yum install epel-release && sudo yum install swatch	[On RHEL/CentOS]
$ sudo dnf install swatch	[On Fedora 22+]

To install the most recent version of swatchdog, you need to build it from source using the following commands, which work on any Linux distribution.

$ git clone https://github.com/ToddAtkins/swatchdog.git
$ cd swatchdog/
$ perl Makefile.PL
$ make
$ sudo make install
$ sudo make realclean

Once you have installed swatch, you need to create a configuration file (the default location is /home/$USER/.swatchdogrc or .swatchrc) that defines which expression patterns to look for and what action(s) should be taken when a pattern is matched.

$ touch /home/tecmint/.swatchdogrc
OR
$ touch /home/tecmint/.swatchrc

Add your regular expressions to this file. Each line should contain a keyword and a value (sometimes optional), separated by a space or an equals sign (=). You need to specify a pattern and the action(s) to take when that pattern is matched.

We will use a simple configuration file such as the following; you can find more options in the swatchdog man page.

watchfor  /sudo/
	echo red
	mail=addresses=you@example.com,subject="Sudo Command"

Here, our regular expression is the literal string sudo, so whenever the string sudo appears in the log file two actions run: echo red prints the matched line to the terminal in red text, and mail sends the matched line by e-mail to the specified address (replace you@example.com with your own) with the given subject. The mail action follows the man page syntax mail addresses=address:address,subject=text, so the value after the keyword carries both the recipient list and the subject.

Once configured, swatchdog reads the /var/log/syslog log file by default; if that file is not present, it reads /var/log/messages instead. Depending on which version your distribution packages, the command is installed as either swatch or swatchdog.

$ swatch     [On RHEL/CentOS & Fedora]
$ swatchdog  [On Ubuntu/Debian]

You can specify a different configuration file using the -c flag, as shown in the following example.

First create the swatch directory and the configuration file.

$ mkdir swatch
$ touch swatch/secure.conf

Next, add the following configuration to the file to monitor failed login attempts, root logins, failed SSH login attempts and successful SSH root logins in the /var/log/secure log file (the authentication log on RHEL/CentOS; on Debian/Ubuntu the equivalent file is /var/log/auth.log). The patterns are Perl regular expressions and therefore case-sensitive: /FAILED/ and /ROOT LOGIN/ match the uppercase messages written by the console login program, while the two ssh patterns catch the sshd messages, which use "Failed password" in mixed case. Replace you@example.com with the address that should receive the alerts.

watchfor /FAILED/
echo red
mail=addresses=you@example.com,subject="Failed Login Attempt"

watchfor /ROOT LOGIN/
echo red
mail=addresses=you@example.com,subject="Successful Root Login"

watchfor /ssh.*: Failed password/
echo red
mail=addresses=you@example.com,subject="Failed SSH Login Attempt"

watchfor /ssh.*: session opened for user root/
echo red
mail=addresses=you@example.com,subject="Successful SSH Root Login"

Now run Swatch, specifying the configuration file with -c and the log file to tail with the -t flag, as shown.

$ swatchdog -c ~/swatch/secure.conf -t /var/log/secure

To run it in the background, add the --daemon flag; in this mode it is detached from any terminal. The -c flag is still required, otherwise swatchdog falls back to the default ~/.swatchdogrc.

$ swatchdog -c ~/swatch/secure.conf -t /var/log/secure --daemon

Now, to test the swatch configuration, try logging in to the server from a different terminal; you should see output like the following printed to the terminal where Swatchdog is running.

*** swatch version 3.2.3 (pid:16531) started at Thu Jul 12 12:45:10 BST 2018

Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2
Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2
Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)
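As an added illustration (not part of the original article or of swatchdog itself), the following Python script replays the four secure.conf rules above over a few sample lines: the sshd messages shown in the output, plus constructed console-login lines and extra failures. It reproduces swatchdog's first-match behaviour (without the continue action, only the first matching watchfor block acts on a line), shows that the case-sensitive /FAILED/ rule does not fire for sshd's "Failed password", and adds a per-source-IP failure counter in the spirit of swatchdog's threshold action. The rule list, the threshold values and the sample lines are assumptions made for this demonstration, not a swatchdog API.

```python
"""Added example (not swatchdog's own code): replay the secure.conf rules
over sample log lines and count failures per source IP."""
import re
from collections import defaultdict, deque
from datetime import datetime

# The four patterns from secure.conf, in file order. Like swatchdog without
# `continue`, only the FIRST matching rule acts on a given line.
RULES = [
    (re.compile(r"FAILED"), "Failed Login Attempt"),
    (re.compile(r"ROOT LOGIN"), "Successful Root Login"),
    (re.compile(r"ssh.*: Failed password"), "Failed SSH Login Attempt"),
    (re.compile(r"ssh.*: session opened for user root"), "Successful SSH Root Login"),
]

# Extracts user and source IP from an sshd failure (assumed message format).
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def match_rule(line):
    """Return the subject of the first rule whose regex matches, else None."""
    for regex, subject in RULES:
        if regex.search(line):
            return subject
    return None


class FailureThreshold:
    """Flag a source IP once it produces `count` failures within `seconds`,
    the same idea as swatchdog's `threshold track_by=...,type=limit` action."""

    def __init__(self, count=3, seconds=60):
        self.count, self.seconds = count, seconds
        self.events = defaultdict(deque)  # ip -> timestamps inside the window

    def record(self, ip, ts):
        window = self.events[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > self.seconds:
            window.popleft()
        return len(window) >= self.count


def parse_ts(line, year=2018):
    """syslog timestamps carry no year; the year is assumed for this sample."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def process(lines, threshold=None):
    """Run each line through the rules. Returns (subject, line) pairs for the
    lines a rule acted on, and the IPs that crossed the failure threshold."""
    if threshold is None:
        threshold = FailureThreshold()
    hits, brute_force = [], []
    for line in lines:
        subject = match_rule(line)
        if subject:
            hits.append((subject, line))
        m = SSH_FAIL.search(line)
        if m and threshold.record(m.group(2), parse_ts(line)):
            if m.group(2) not in brute_force:
                brute_force.append(m.group(2))
    return hits, brute_force


# Constructed sample: the sshd lines from the article's output, plus a console
# `login` failure (uppercase, so /FAILED/ matches it), a console root login,
# extra sshd failures to trip the threshold, and one line no rule matches.
SAMPLE = [
    "Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2",
    "Jul 12 12:51:23 tecmint sshd[16741]: Failed password for root from 192.168.0.103 port 33326 ssh2",
    "Jul 12 12:51:40 tecmint login[1203]: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure",
    "Jul 12 12:51:55 tecmint sshd[16745]: Failed password for invalid user admin from 192.168.0.103 port 33330 ssh2",
    "Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)",
    "Jul 12 12:52:30 tecmint login[1203]: ROOT LOGIN ON tty1",
    "Jul 12 12:53:00 tecmint sshd[16750]: Accepted publickey for deploy from 10.0.0.5 port 50000 ssh2",
]

if __name__ == "__main__":
    hits, brute = process(SAMPLE)
    for subject, line in hits:
        print(f"[{subject}] {line}")
    print("threshold crossed by:", brute)
```

Running the script shows each sshd failure tagged "Failed SSH Login Attempt" (never "Failed Login Attempt", because /FAILED/ does not match "Failed"), the console lines tagged by the uppercase rules, the public-key login ignored, and 192.168.0.103 flagged after its third failure inside the 60-second window. In a real swatchdog configuration you would express the counter with the threshold action rather than in Python; the script only makes the matching semantics visible before you rely on them for alerting.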

You can also run several swatch processes at once to monitor different log files.

$ swatchdog -c ~/site1_watch_config -t /var/log/nginx/site1/access_log --daemon  
$ swatchdog -c ~/messages_watch_config -t /var/log/messages --daemon
$ swatchdog -c ~/auth_watch_config -t /var/log/auth.log --daemon

For more information, see the swatchdog man page.

$ man swatchdog

Swatchdog SourceForge repository: https://sourceforge.net/projects/swatch/

These are some additional log monitoring guides you may find useful:

  1. 4 Ways to Watch or Monitor Log Files in Real Time
  2. How to Create a Centralized Log Server with Rsyslog
  3. Monitor Server Logs in Real-Time with the Log.io Tool
  4. lnav - Watch and Analyze Apache Logs from a Linux Terminal
  5. ngxtop - Monitor Nginx Log Files in Real Time in Linux

Swatchdog is a simple log file monitoring tool for Unix-like systems such as Linux. Try it out and share your thoughts or ask questions in the comments section.