David Monk on Tue, Jan 15, 2002 at 01:25:11PM -0600: Hi David,
It would be great to get paged when the same host repeated gets a DENY to the same resource. One or two attempts at the same resource could very easily be accidental in one way or another, but repeated attempts at the same resource from the same host might deserve a little more attention.
I think you will always have to implement this sort of logic with log analysis tools. I don't think syslog-ng is headed to become one, and I appreciate this, too. Doing one job very well. syslog-ng is my favorite log "sink" ... any analysis to be done with the resulting files is done with appropriate other tools. Try swatch, log- surfer et al. Regards, -- ____ ____ / _/| - > Gregor Binder <gb@(rootnexus.net|sysfive.com)> | / || _\ \ \__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B