# A Swatch configuration file for flagging certain
# suspicious log entries
# in.telnetd login failures
watchfor = /LOGIN FAILURES/
	mail=lstein
# su login failures
watchfor = /FAILED SU/
	mail=lstein
	bell=3
	echo=underscore
# in.telnetd login as root
watchfor = /ROOT LOGIN/
	bell=3
	echo=bold
	exec=/usr/sbin/ppp-off