The Simple Event Correlator (sec) is a Perl-based logfile scanner that can execute commands once a string is matched via regex. This guide is an example of how it could be used to make your computer speak once certain strings are detected in certain logfiles.

On Debian:

aptitude install sec espeak

sec needs to know what logfiles to monitor, under Debian the daemon invocation can be found at /etc/default/sec and it contains the start-up parameters for sec:

#Defaults for sec
RUN_DAEMON="yes"
DAEMON_ARGS="-conf=/etc/sec.conf -input=/var/log/auth.log -input=/var/log/syslog -pid=/var/run/sec.pid -detach -syslog=daemon"

you can specify multiple -input parameters for every logfile you want sec to watch.

The next step is to configure the pattern matching and the shell commands. The configuration file is commonly placed at /etc/sec.conf.

The following example will monitor /var/log/auth.log and match:

Accepted password for (.*?)\s.*

using regular expressions. If sec manages to match a line using that regular expression it will then execute /usr/bin/espeak -v en-us -p 45 -s 125 -k10 -a 150 "$1 has logged-in." where $1 is a substitution for what was matched in the regex group (.*?) - this regex tries to extract the user name.

The full example block that would go in /etc/sec.conf is the following:

# Accepted Password.
type=Single
ptype=RegExp
pattern=Accepted password for (.*?)\s.*
desc=$0
action=shellcmd /usr/bin/espeak -v en-us -p 45 -s 125 -k10 -a 150 "$1 has logged-in."

You can have as many blocks configured as you want.