#
# Swatch configuration file for constant monitoring
#

watchfor   /Sense Key: Media Error/
	echo
	exec echo $0 | mail -s\"syslog alert: disk errors\" oncall\\@example.com
        throttle 30:00

# disk errors
watchfor   /out of inodes/
	echo
	exec echo $0 | mail -s\"syslog alert: out of inodes\" oncall\\@example.com
        throttle 30:00

# errors from stunnel
watchfor   /stunnel.*: .*Connection refused/
	echo
	exec echo $0 | mail -s\"stunnel problems\" oncall\\@example.com
        throttle 30:00

# attack alerts from portsentry
watchfor   /attackalert:/
	echo
	exec echo $0 | mail -s\"ATTACK alert\" oncall\\@example.com
        throttle 5:00

# page generator down on news FE's
watchfor   /Unable to connect to PageGenerator/
	echo
	exec echo $0 | mail -s\"page generator down on news box\" oncall\\@example.com
        throttle 30:00

# disk troubles logged by apache
watchfor   /No space left on device/
	echo
	exec echo $0 | mail -s\"Disk space troubles reported by apache\" oncall\\@example.com
        throttle 30:00

# memory errors on sun boxen
watchfor   /no swap space/
        echo
	exec echo $0 | mail -s\"one of yo boxes is outta swap space\" oncall\\@example.com
        throttle 30:00

# BIND zone errors
watchfor   /rejected due to errors/
        echo
	exec echo $0 | mail -s\"Some fool fubar'd a zone file\" oncall\\@example.com
        throttle 30:00

# This alerts on failed su attempts. This can get annoying if you have a lot
# of boxes and users.

watchfor   /\'su root\' failed/
        echo bold
#       mail =oncall\@example.com,subject=Failed root password for su
        exec echo $0 | mail -s\"security alert, some chump trying to su to root\" oncall\\@example.com
        throttle 30:00