Adding a custom unit file RHEL7, for swatch

swatch is a Linux tool for watching (it uses ”tail -f”) log files and then daemonizes it.

I had a need to know when a host needed rebooting after yum-cron had updated the kernel, rather than logging into each host I decided I could make use of ”swatch”, in my case, it watches the ”yum.conf” file for the string ”Installed: kernel”, if the string appears in the log it sends an email out.

First install it

yum install swatch

Next create a swatch directory

mkdir -p /etc/swatch

Create a ”swatch” conf file for what you want to monitor

vi swatch.yum
watchfor /Installed: kernel/
echo bold
mail=root@localhost, subject=”New kernel has been installed – reboot required”

Now create a ”.swatchrc file in ”/root”

touch /root/.swatchrc

You can now test the configuration, you might want to change it to something that is easy to test and validate, ssh logins or something.

swatch –config-file=/etc/swatch/yum.conf –tail-file=/var/log/yum.log –daemon

Check it started

ps -ef | grep swatch

root 1187 1 0 12:59 ? 00:00:00 /usr/bin/swatch –config-file=/etc/swatch/yum.conf –tail-file=/var/log/yum.log –pid-file=/var/run/sw

Ok, so we know it works, so go ahead and kill it to stop it as we need to create a custom unit file (service) so it can start at boot.

kill -15 1187

Because this is systemd you do not need to touch init scripts or anything, but you do need to create a custom unit file, cd to ”/etc/systemd/system”

Next, create your unit file using an editor

vi swatch.service
[Unit]
Description=Swatch Log Monitoring Daemon
After=syslog.target network.target auditd.service sshd.service

[Service]
ExecStart=/usr/bin/swatch –config-file=/etc/swatch/yum.conf –tail-file=/var/log/yum.log –pid-file=/var/run/swatch.pid –daemon
ExecStop=/usr/bin/kill -s KILL $(cat /var/run/swatch.pid)
Type=forking
PIDFile=/var/run/swatch.pid

[Install]
WantedBy=multi-user.target

Now reload it, start it and enabled and check its status.

systemctl daemon-reload
systemctl start swatch.service
systemctl enable swatch.service
systemctl status swatch.service

If all has gone well it should look like this

systemctl status swatch.service
● swatch.service – Swatch Log Monitoring Daemon
Loaded: loaded (/etc/systemd/system/swatch.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-10-11 12:59:05 CDT; 39min ago
Main PID: 1187 (/usr/bin/swatch)
CGroup: /system.slice/swatch.service
├─1187 /usr/bin/swatch –config-file=/etc/swatch/yum.conf –tail-file=/var/log/yum.log –pid-file=/var/run/sw
└─1188 /usr/bin/tail -n 0 -F /var/log/yum.log
Oct 11 12:59:03 rhel7-.local systemd[1]: Starting Swatch Log Monitoring Daemon…
Oct 11 12:59:05 rhel7-.local systemd[1]: Started Swatch Log Monitoring Daemon.

 

Advertisements

About hedscratchers

A UK ex-pat now living in the USA.
This entry was posted in Linux & Solaris. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s