popularity-contest

[R Kimber]

On Thu, 29 Mar 2007 14:47:15 +0100
Tony Arnold wrote:

> > The rules were set up by Firestarter and the info is reported by
> > logcheck.  The Canonical IP is not always the same, so it's hard
> > find a regex that can be used in a logcheck filter
> 
> I've not used logcheck, but could you get it to look for the SYN ACK
> at the end of the log message?

But would that exclude any messages that I ought to see, or are all
such messages always harmless?

- Richard
-- 
Richard Kimber
http://www.psr.keele.ac.uk/