freebsd swatch installation



  • Unless someone suggests another way, I'd like to install swatch on our pfsense 2.3.4 Rp2 to monitor syslog output for a specific string so I can execute a netstat command at that instant to find the culprit hex pcb/process of a sonewconn issue we are seeing.

    I've downloaded swatch using fetch from pkg.freebsd.org/FreeBSD:11:amd64/quarterly/All/swatch-3.2.3_3.txz.
    I've unpacked it and unzipped it using xz and tar. I unpacked into root's /root folder just to see what I get. It looks like a compiled version and I should unpack it into / instead of /root but I'm reluctant to do that in my production/live machine so am asking y'all for some guidance on getting swatch installed to make sure it's done correctly. The other documentation I've seen for swatch was installing it from source (make) and also see mention of the /usr/ports/security/swatch but there's no portsnap installed. Or,if I should even at all try to get swatch running on this pfsense box. Any input is appreciated.


  • Netgate Administrator

    There are a whole bunch of dependencies for that you would have to also add. Installing FreeBSD packages directly is usually OK but not without risk. It might overwrite something that pfSense uses a modified version of.
    If you do this you should certainly test it on something non-critical first.

    [2.4.4-RELEASE][admin@5100.stevew.lan]/root: pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/release_2/All/swatch-3.2.3_3.txz
    Fetching swatch-3.2.3_3.txz: 100%   27 KiB  27.9kB/s    00:01    
    Installing swatch-3.2.3_3...
    pkg: Missing dependency 'p5-Date-Calc'
    
    Failed to install the following 1 package(s): http://pkg.freebsd.org/FreeBSD:11:amd64/release_2/All/swatch-3.2.3_3.txz
    

    Steve



  • Totally agree on the approach. I'll try it on my spare first. Thanks for the info.


Log in to reply