11. Swatch Configuration

Now that swatch is installed, it needs to be configured. We need to create a ${HOME}/.swatchrc file. Ours will be simple, but for more options type: man swatch

Make it look like:

# Swatchrc file for monitoring Squid Proxy access.log to see what people are doing.
#
# This will check for any URLs with microsoft, suretecsystems, hotmail, msn or bearshare in the
# title. It will then send an e-mail with a subject of '----PLEASE INVESTIGATE----'

watchfor   /NONE/
        mail=scott.forbes@suretecsystems.com, subject=----PLEASE INVESTIGATE----
        throttle 10:00:00

This constantly monitors the /var/log/squid/access.log logfile for the word NONE (the word NONE is written to the access.log file when a banned URL is visited) and, on a match, sends an e-mail to scott.forbes@suretecsystems.com with the given subject. The throttle value is given as hours:minutes:seconds, so 10:00:00 is a ten-hour window.
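A dry run of the watchfor pattern before any mail is sent, as an added example that is not part of the original HOWTO. The log lines are constructed and assume Squid's native access.log layout (result code in the fourth field); sample_log and matched_codes are made-up names.

```shell
#!/bin/sh
# Dry run of a swatch "watchfor" pattern: tally which Squid result codes the
# pattern would raise mail for, without starting swatch or sending anything.

# Constructed sample lines (not real traffic). Assumed native layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
sample_log() {
cat <<'EOF'
1100000001.101     12 192.0.2.10 TCP_DENIED/403 1450 GET http://blocked.example/ - NONE/- text/html
1100000002.202    310 192.0.2.11 TCP_MISS/200 5120 GET http://allowed.example/ - DIRECT/198.51.100.7 text/html
1100000003.303      2 192.0.2.11 TCP_HIT/200 5120 GET http://allowed.example/ - NONE/- text/html
1100000004.404     15 192.0.2.12 TCP_DENIED/403 1450 GET http://blocked.example/x - NONE/- text/html
EOF
}

# matched_codes PATTERN: read log lines on stdin and print "count code" for
# every line matching PATTERN (the regex that goes between the slashes of
# watchfor). NONE sits in the hierarchy field, which Squid fills in for any
# request it did not forward, so cache hits carry it as well as denials.
matched_codes() {
    awk -v pat="$1" '
        $0 ~ pat { split($4, rc, "/"); seen[rc[1]]++ }
        END { for (c in seen) print seen[c], c }
    ' | LC_ALL=C sort -k2
}

echo "watchfor /NONE/ would fire on:"
sample_log | matched_codes 'NONE'
echo "watchfor /TCP_DENIED/ would fire on:"
sample_log | matched_codes 'TCP_DENIED'
```

To check a real log, pipe a copy of access.log into matched_codes instead of sample_log.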

Start it by typing:

swatch --config-file=/root/.swatchrc --tail-file=/var/log/squid/access.log &

or, if you want it to start at boot time, enter the following into /etc/rc.d/rc.local:

swatch --config-file=/root/.swatchrc --tail-file=/var/log/squid/access.log &

You can't get simpler than that.