swatchrc file

#
# Run with the command:
#    swatch -c /etc/swatchrc -t /var/log/messages 
#

### Alerts from the portscanner
# Echoes the matching line in bold, mails it to "admin" and appends it to
# /var/log/IDS-scans by running a shell command.
# NOTE(review): $0 stands for the whole matched log line, and it is handed to a
# shell. Log lines carry text chosen by remote parties, so confirm that the
# installed swatch escapes shell metacharacters before substituting $0. If it
# does not, drop the exec action; the line is already kept in the watched log
# and mailed.
# NOTE(review): this is the only rule that mails "admin" rather than "root" --
# confirm that mailbox exists and is read. /var/log/IDS-scans is never rotated
# by this file.
/PORTSCAN DETECTED/	echo=bold,mail=admin,subject=*** Port Scan Alert ***,exec=echo $0 >> /var/log/IDS-scans

### Bad login attempts
# Matches any line containing the lowercase string "failed", so it also fires
# on failures that have nothing to do with authentication.
# NOTE(review): the header runs swatch against /var/log/messages only; confirm
# that authentication failures are actually logged there on this host.
# NOTE(review): no interval field is set, so a burst of failures appears to
# produce one mail per line -- consider an interval like the one on the
# "file system full" rule.
/failed/	echo=bold,mail=root,subject=Failed Authentication

### Someone is sniffing!
# Fires on any line containing "promiscuous", presumably the kernel message
# logged when a network interface changes promiscuous mode.
# NOTE(review): legitimate tools that put an interface into promiscuous mode
# will raise the same alert, and the absence of this message is not evidence
# that nobody is capturing traffic.
/promiscuous/	echo=bold,mail=root,subject=Someone is sniffing the network!

### Ignore this stuff
# Discards lines that mention these daemons. The patterns are unanchored, so a
# line is ignored when one of these strings appears anywhere in it, including
# inside text supplied by a remote party.
# NOTE(review): assuming swatch stops at the first rule that matches (confirm
# for the installed version), this rule only affects the rules below it: a
# panic, "file system full" or su line that also contains one of these strings
# raises no alert. Anchoring each pattern to the program-name field of the log
# line would narrow what is suppressed.
/sendmail/,/nntp/,/xntp|ntpd/,/faxspooler/	ignore


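### Kernel problems or system reboots
# Alerts on lines containing "panic", "halt" or "SunOS Release" (presumably the
# banner printed at boot).
# The pattern and the action list are separated by a tab, as in every other
# rule of this file: the pattern itself contains a space, so a space cannot act
# as the field separator.
# The subject text carries no commas, because commas separate the actions and
# would cut the subject short and leave stray words parsed as actions.
/(panic|halt|SunOS Release)/	echo=bold,mail=root,subject=System Panic Halt or Reboot!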

# Disk-full alert, echoed in bold and mailed to root.
# NOTE(review): the trailing 01:00 field is presumably swatch's interval for
# suppressing repeats of the same message (one minute here) -- confirm the
# unit against the installed version's documentation.
/file system full/	echo=bold,mail=root,subject=File system Full	01:00

# Mails root on every line containing "su:".
# NOTE(review): the pattern does not distinguish failed from successful
# attempts or root from other target accounts, and it also matches any program
# name that ends in "su", so the subject can overstate what happened. Matching
# the exact success message of the local su would make the alert mean what it
# says.
/su:/	echo=bold,mail=root,subject=Someone su'ed to root access