# swatch configuration: watches log lines for security- and operations-relevant
# events and mails an alert for each match.
#
# Rule order and every pattern/action string are kept exactly as written;
# only comments and line breaks were added.
#
# NOTE(review): most subjects embed text taken from the matched log line
# ($1, $2, @message). Part of that text (user names, client addresses) can be
# chosen by a remote party. Confirm how the mail action hands the subject to
# the mailer, and treat alert subjects as untrusted when they are parsed
# downstream.

# Setup code. Depth 0 should place it outside swatch's per-line loop -- confirm
# against the swatch version in use. It resolves the long host name and builds
# the two alert recipients, support@<host> and security@<host>.
perlcode 0 use Sys::Hostname::Long;
perlcode 0 my $host_long = hostname_long;
perlcode 0 my $email=qq(support\@$host_long);
perlcode 0 my $secmail = qq(security\@$host_long);

# Per-line code (no depth given): splits the current line on whitespace.
# Assumes a syslog-style layout "Mon DD HH:MM:SS host message..." -- for lines
# in any other format $host_name and @message hold whatever lands in those
# positions.
perlcode my ($month, $day, $time, $host_name, @message) = split(/\s+/);

# ClamAV reports that its installation is outdated.
watchfor /Your ClamAV installation is OUTDATED/
    mail addresses=$secmail, subject=[swatch] $host_long clamav update

# Access-log style line "<client> - <user> [<date>] ... session_login".
# $1 is the first field and $2 the field after " - ".
# NOTE(review): this matches any line that mentions session_login after the
# bracketed field, not only successful logins -- verify against real log output.
# NOTE(review): for a line of this shape the 4th whitespace field starts with
# "[", so $host_name is not a host name here; $host_long may have been intended.
watchfor /^(\S+) - (\S+) \[(.*?)\].*session_login/
    mail addresses=$secmail, subject=[swatch] $host_name usermin login $2 $1

# A network interface entered promiscuous mode (possible packet capture).
watchfor /entered promiscuous mode/
    mail addresses=$secmail, subject=[swatch] $host_name promiscuous

# "File name too long" is labelled as a buffer-overflow attempt by the subject.
# NOTE(review): this goes to the support address, not the security address --
# confirm that is intended.
watchfor /File name too long/
    mail addresses=$email, subject=[swatch] BufferOverflow_attempt

# Every DHCPREQUEST line mails postmaster; there is no threshold on this rule.
# NOTE(review): "$host_name@message" has no space between the two variables, so
# the host name and the first message word will run together if the subject is
# interpolated like a Perl string. The same applies to every subject below that
# uses this form -- confirm whether "$host_name @message" was intended.
watchfor /DHCPREQUEST/
    mail addresses=postmaster, subject=[swatch] $host_name@message

# Failed password authentication; $1 is the token after the last "from" on the
# line (the greedy .* skips any earlier "from").
# The pattern is not tied to a specific daemon name, so any line containing
# this phrase matches.
# NOTE(review): type=limit is documented as acting on the first `count` matches
# per track_by key within `seconds` and suppressing the rest. That makes this a
# cap of 3 mails per source per 60 s, not "alert after 3 failures". Use
# type=threshold or type=both if the latter is wanted -- confirm.
watchfor /Failed password for.*from\s+(\S+)/
    threshold track_by=$1,type=limit,count=3,seconds=60
    mail addresses=$secmail, subject=[swatch] $host_name@message

# Successful root login using a password; $1 is the source.
watchfor /Accepted password for root.*from\s+(\S+)/
    mail addresses=$secmail, subject=[swatch] $host_name ssh password $1

# Successful root login using a public key; $1 is the source.
watchfor /Accepted publickey for root.*from\s+(\S+)/
    mail addresses=$secmail, subject=[swatch] $host_name ssh publickey $1

# Application login events for the "admin" and "mainadmin" accounts.
# These rules have no threshold: every matching line produces a mail, so
# repeated invalid logins can flood the security mailbox.
watchfor /Invalid login as admin/
    mail addresses=$secmail, subject=[swatch] $host_name@message

watchfor /Invalid login as mainadmin/
    mail addresses=$secmail, subject=[swatch] $host_name@message

watchfor /Successful login as mainadmin/
    mail addresses=$secmail, subject=[swatch] $host_name@message

# Mail delivery problems go to postmaster.
watchfor /DeliveryErrors/
    mail addresses=postmaster, subject=[swatch] Postfix_Delivery_Errors

# A full file system can also stop logging and mail spooling, which would
# silence the other alerts in this file.
watchfor /file system full/
    mail addresses=$email, subject=[swatch] $host_name@message

# Connection refused; $1 is the token after "refused connect from".
# Same per-source mail cap as the failed-password rule.
watchfor /refused connect from\s+(\S+)/
    threshold track_by=$1,type=limit,count=3,seconds=60
    mail addresses=$secmail, subject=[swatch] $host_name@message