Configuring SWATCH On AUTH1

1. Create the configuration file for swatch:

   - Edit /usr/local/etc/swatch.conf
     -- use TAB and not SPACE for the lines below "watchfor"!

- - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
watchfor /client ([0-9A-F.:]+)\D\d+: transfer of '(.*)\/IN': .XFR/
	mail=adm,subject=Zone AXFR
	threshold type=limit,count=1,seconds=600
- - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

2. Enable the mail server

   - Add to /etc/rc.conf

     postfix_enable="YES"

     # newaliases
     # /usr/local/etc/rc.d/postfix start

3. Try sending mail to yourself

   - First become the adm user:

     # su - adm

   - Now send yourself an email:

     $ echo hello | mail adm@auth1.grpX.ws.nsrc.org

   - See if the mail has arrived:

     $ mutt -f /var/mail/adm

4. Start swatch:

   - Be sure you are the root user again:

     $ exit

     # swatch -c /usr/local/etc/swatch.conf --tail-file=/etc/namedb/log/transfers --daemon

     # ps axuww | grep swatch

   - You should see a line like the following:

     root 58811 0.0 0.0 11500 2124 5 RJ 11:41AM 0:00.02 /usr/local/bin/perl /usr/local/bin/swatch -c /usr/local/etc/swatch.conf --tail-file=/etc/namedb/log/transfers --daemon

7. Ask another group to perform a zone transfer of your zone:

   From their machine:

     # dig @auth1.grpX.ws.nsrc.org YOURTLD axfr

   (where X is YOUR group)

   Q: do they get a copy of your zone ?

   Q: do you get an email about it ?

8. Check that mails are coming in:

     # mutt -f /var/mail/adm

   Note the information contained in the message.
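
Added example (not part of the original exercise): a Python replay of the watchfor pattern over constructed log lines, to check what the rule catches and how often it would send mail before asking another group for a transfer. The sample lines and the reading of "threshold type=limit" (the first count matches in each seconds window send mail, later ones are suppressed) are assumptions; swatch times the window from when it reads a line, while this replay uses the log timestamps.

```python
import re
from datetime import datetime, timedelta

# Pattern copied from the watchfor line in swatch.conf.
WATCHFOR = re.compile(r"client ([0-9A-F.:]+)\D\d+: transfer of '(.*)\/IN': .XFR")
# Assumed model of "threshold type=limit,count=1,seconds=600".
COUNT, WINDOW = 1, timedelta(seconds=600)

# Constructed sample lines in the style of a BIND transfer log (not real data).
SAMPLE_LOG = """\
15-Mar-2024 11:42:07.100 client 192.0.2.10#53214: transfer of 'example.tld/IN': AXFR started
15-Mar-2024 11:42:07.300 client 192.0.2.10#53214: transfer of 'example.tld/IN': AXFR ended
15-Mar-2024 11:45:00.000 client 2001:DB8::53#40000: transfer of 'example.tld/IN': IXFR started
15-Mar-2024 11:46:00.000 client 2001:db8::53#40001: transfer of 'example.tld/IN': AXFR started
15-Mar-2024 11:55:30.000 client 198.51.100.7#41000: transfer of 'example.tld/IN': AXFR started
"""

def parse(line):
    """Return (timestamp, client, zone) for a line the rule matches, else None."""
    m = WATCHFOR.search(line)
    if not m:
        return None
    ts = datetime.strptime(line[:24], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m.group(1), m.group(2)

def replay(log):
    """Return (matches, mails): every hit, and the hits that would send mail."""
    matches, mails, window_start, sent = [], [], None, 0
    for line in log.splitlines():
        hit = parse(line)
        if hit is None:
            continue
        matches.append(hit)
        if window_start is None or hit[0] - window_start >= WINDOW:
            window_start, sent = hit[0], 0   # a new 600-second window opens
        if sent < COUNT:
            sent += 1
            mails.append(hit)
    return matches, mails

if __name__ == "__main__":
    matches, mails = replay(SAMPLE_LOG)
    for ts, client, zone in mails:
        print(f"mail to adm: Zone AXFR  client={client} zone={zone} at {ts}")
    print(f"{len(matches)} matching lines, {len(mails)} mails")
```

On this sample four lines match and two mails go out: the "started"/"ended" pair and the IXFR inside the same 600 seconds produce a single message. The lowercase IPv6 line is not matched because the character class lists only A-F, so widen it to include a-f if your log prints addresses in lowercase.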