I was pulling my hair out earlier today trying to figure out why my swatch config was not working. I had what I thought was a very basic configuration. It looked something like this
watchfor /Virus Found/ pipe /usr/local/.../tissue.pl pipe /usr/bin/python2.7 /opt/script.py --alerts=/tmp/avalerts.txt
Simple. Well, it wasn’t working.
With the –dump-script argument to swatch, I saw that it was making a swatchrc script that looked like this
Swatch::Actions::send_message_to_pipe('ALERTS' => "/tmp/avalerts.txt", 'COMMAND' => ""
What the hell.
It eventually dawned on me that the “ALERTS” key was due to me saying “–alerts=/blah” in my pipe command. Swatch documentation says that
“The keyword and value are separated by space or an equal (=) sign.”
Well, it looks like it was ignoring my first space (after the pipe word) and finding the equal sign at the end of the line.
The solution was to just remove the equal sign from my pipe command.