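# .swatchrc for myers@umich.edu
#
# Layout: /pattern/ <TAB> action[,action...] <TAB> [throttle interval]
# NOTE(review): this looks like swatch 2.x syntax, where fields are
# TAB-separated and the optional third field (60 below) is a throttle
# interval in seconds -- confirm against the installed swatch version.
#
# Patterns are Perl regular expressions and are not anchored.  Rules are
# presumably tried top to bottom with the first match deciding the
# action (verify for your version), so every "ignore" rule below hides
# the line from the alert rules that follow.  Keep ignore patterns as
# specific as possible and escape regex metacharacters ( . + ( ) ) that
# are meant literally.
#
# Warning: the exec="play..." seems to have a problem with leaving
# around lots of unfinished zombie processes.  Swatch apparently does
# not do a good job of reaping dead child processes.  You may have to
# kill and restart swatch from time to time if you like the sounds.
#
# The exec actions run a fixed command line only; no text from the
# matched log line is passed to the shell.  Keep it that way.
######################################################################
# First, things to IGNORE (including friendlies)
# PATTERN	ACTION
########################	#############
/ sendmail\[\d+\]:.*reject=550.*relaytest\@mail-abuse\.org/	ignore
##/ unmount: Permission denied/	ignore
##/ xntpd\[\d+\]:.* synchronized to/	ignore
/ amd\[\d+\]: /	ignore
/ identd\[\d+\]: /	ignore
/ in\.identd\[\d+\]: /	ignore
/ mountd\[\d+\]: /	ignore
/ automount\[\d+\]: /	ignore
/ netinfod\[\d+\]: cannot lookup child/	ignore
/ last message repeated \d+ times/	ignore
/ inetd\[\d+\]: auth\/tcp: Exit status/	ignore
/ ftpd\[\d+\]: FTP session closed/	ignore
/ rdistd\[\d+\]: .* startup /	ignore
# Parentheses escaped: unescaped, "(su)" is a capture group that matches
# the text "su session closed", not the literal "(su) session closed"
# this rule appears to be aimed at.
/\(su\) session closed for user root/	ignore
/arpwatch: flip flop/	ignore
/arpwatch: reused old ethernet address 0\.0\.0\.0/	ignore
/ rpc\.mountd: authenticated mount request/	ignore

# FRIENDLIES (people/hosts we know & trust):
# These rules suppress root-access events for one account.  They must
# match that account exactly, otherwise look-alike lines are hidden too.
##/ ROOT LOGIN as 'root' from (xena)/	ignore
/ su 'root' attempted by 'myers'/	ignore
# "+" escaped: unescaped, " +" means "one or more spaces", so the rule
# never matched a literal "+ ttya0" success marker.
/ su\[\d+\]: \+ ttya0 myers-root/	ignore
# Parentheses escaped so the uid is delimited by the closing ")";
# unescaped, the group also matched longer uids such as 58440.
/session opened for user root.*\(uid=5844\)/	ignore

######################################################################
# Then, important things to watch for
# PATTERN	ACTION
########################	#############
/file system full/	echo,bell,mail=root,exec="play /usr/local/lib/sounds/Pips.au"	60
/lbolt/	echo,bell,mail=root,exec="play /usr/local/lib/sounds/Pips.au"	60
/SYN flood/	echo,bell,mail=root,exec="play /usr/local/lib/sounds/Pips.au"	60
/rpc.statd.*request for hostname containing/	echo,bell,mail=root,exec="play /usr/local/lib/sounds/Pips.au"	60
/ ALERT/	echo,bell=2
/ Warning/	echo,bell
/ netbus/	echo,bell
/ BrerFox\[\d+\]/	echo,bell
/ Authentication failed for root/	echo
/ su 'root' attempted by/	echo
/session opened for user root/	echo

##
# Sounds:
/ feynman printer: offline or intervention needed/	echo,exec="play /usr/local/lib/sounds/Homer.au"	60
/ feynman printer:/	echo,exec="play /usr/local/lib/sounds/Ni.au"	60
/ reused old ethernet address/	echo,exec="play /usr/local/lib/sounds/Block.au"	60
/ sendmail\[\d+\]: NOQUEUE: Null connection/	echo,exec="play /usr/local/lib/sounds/Block.au"	60
/ faulty module: /	echo,exec="play /usr/local/lib/sounds/Funk.au"	60
/ Could not open lock file /	echo,exec="play /usr/local/lib/sounds/Funk.au"	60
/telnetd\[\d+\]: refused connect/	echo,exec="play /usr/local/lib/sounds/Funk.au"	60
/FTP LOGIN REFUSED/	echo,exec="play /usr/local/lib/sounds/Funk.au"	60
/ftpd.*tried to upload/	echo,exec="play /usr/local/lib/sounds/Funk.au"	60
/ftpd.*tried to create directory/	echo,exec="play /usr/local/lib/sounds/Funk.au"	60
/ authentication refused/	echo,exec="play /usr/local/lib/sounds/Crow.au"	60
/ authentication fail/	echo,exec="play /usr/local/lib/sounds/Crow.au"	60
/ FAILED LOGIN/	echo,exec="play /usr/local/lib/sounds/Crow.au"	60
/ No password entry for uid/	echo,exec="play /usr/local/lib/sounds/Crow.au"	60
/ BAD SU/	echo,exec="play /usr/local/lib/sounds/Crow.au"	60

# Catch all: show anything we missed and echo it!
/.*/	echo
#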