Email alerts from Suricata

Anyone using Email alerts for Suricata events?

I used the Search Function here and the Swatch Wiki - Simple Log Analyzer.

System - Mail Service: the test email is working fine,

but still I can’t get my Email alerts working:

This is my progress so far

  • System-Mail service is working OK

  • /var/ipfire/suricata/swatchrc

watchfor /Priority: ([1|2])/
echo=normal
mail=trishxxxx@email.com,subject=[Suricata] Priority $2 Alert

  • /etc/sysconfig/rc.local

/usr/bin/swatch --daemon -c /var/ipfire/suricata/swatchrc --input-record-separator='\n\n' -t /var/log/suricata/fast.log

fast.log is full of Priority 2 alerts but I am not receiving any email alerts.

I looked at all possible System Logs but can’t find any reference to swatch.

I would appreciate any suggestions.
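To see what the swatchrc rule above is meant to pick out of fast.log, here is an added Python example (not from the original post, IPFire or swatch) that parses constructed fast.log lines in Suricata's standard fast.log layout, keeps only Priority 1 and 2 alerts, and builds the same "[Suricata] Priority N Alert" mail without sending it; the sample sids, signature names and addresses are constructed for the example.

```python
import re
from email.message import EmailMessage

# Constructed sample lines in Suricata's fast.log format (sids, messages and
# addresses are made up; addresses use documentation ranges).
SAMPLE_FAST_LOG = """\
08/17/2021-10:35:12.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:49152
08/17/2021-10:36:01.000001  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED packet out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.51.100.5:49153 -> 192.0.2.10:443
08/17/2021-10:37:44.555555  [**] [1:2019401:3] ET MALWARE Possible CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 198.51.100.7:53211 -> 203.0.113.9:53
"""

# One fast.log line: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol, source -> destination.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_fast_log_line(line):
    """Return a dict of fields for one fast.log line, or None if it does not parse."""
    m = FAST_LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])
    return fields

def select_alerts(text, max_priority=2):
    """Keep alerts whose priority is at most max_priority (1 is the most severe)."""
    parsed = (parse_fast_log_line(line) for line in text.splitlines())
    return [a for a in parsed if a and a["prio"] <= max_priority]

def build_mail(alert, sender, recipient):
    """Build one alert email; the subject mirrors the swatchrc subject line."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "[Suricata] Priority %d Alert: %s" % (alert["prio"], alert["msg"])
    msg.set_content("%(ts)s sid=%(sid)s %(msg)s\nclass=%(cls)s proto=%(proto)s\n"
                    "%(src)s -> %(dst)s\n" % alert)
    return msg  # hand to smtplib.SMTP("localhost").send_message(msg) to deliver

if __name__ == "__main__":
    for alert in select_alerts(SAMPLE_FAST_LOG):
        print(build_mail(alert, "suricata@example.com", "admin@example.com")["Subject"])
```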

Just an update:

After 2 weeks of running, there seems to be absolutely nothing in the log to indicate that swatch found something or sendmail sent anything out.
grep comes back empty

grep sendmail /var/log/messages

grep swatch /var/log/messages

Just a quick update:

After upgrading to Core 164 and having some issues, I noticed this
FAIL after reboot:

/etc/rc.d/rc3.d/S98rc.local: line 25: /usr/bin/swatch: No such file or directory [ FAIL ]
FAILURE:

You should not be reading this error message.

It means that an unforeseen error took place in /etc/rc.d/rc3.d/S98rc.local, which exited with a return value of 127.

If you're able to track this error down to a bug in one of the files provided by ipfire, please be so kind to inform us at https://bugzilla.ipfire.org.

This is the line that’s causing the issue:

/usr/bin/swatch --daemon -c /var/ipfire/suricata/swatchrc --input-record-separator='\n\n' -t /var/log/suricata/fast.log