Hello, While my previous post was about Windows, we did not forget about our UNIX/Linux users :) I'd like to extend our pattern database with new patterns. So I have some related questions: - Until now we dealt mostly with login/logut events of different applications, as this is one of the most interesting information on servers. Is it OK with you, or we should cover also other events? (Which?) - Which applications are you mostly interested in? - Creating logs in a "lab" environment just for pattern creation is very time consuming. It would be very helpful for us, if you could send logs in exchange for patterns. Just make sure, that there is no sensitive data left in the logs, as the result will be published to make it available for the whole syslog-ng community. I published a blog ( http://czanik.blogs.balabit.com/2010/11/log-sample-collecting-project/ ), how I collect logs for pattern creation, but of course, any logs are welcome! Bye, -- Peter Czanik (CzP) <czanik@balabit.hu> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/