Date: Thu, 24 Feb 2000 21:59:23 +0200

Hey all,

I am playing around sl4nt and I am having some trouble... For example, =

I

have setup our VPN box's syslog host to target my machine for debug

messages. I have setup a rule on sl4nt (which is running on my machine) =

to

receive messages. The Priority is set to Min: Debug, Max: Emergency. =

The

Destination IP is my machines address, and the Source IP is that of the =

VPN

interface. I am not too clear as to what I should enter in the =

Substring

field. Should I enter the exact debug message or a portion of what =

appears

on the console if I am viewing debug messages? For example, if =

interface 0

drops, and the debug message is: "[debug] int 0 disconnected," can I put =

in

the substring field "int;disconnected" ..which then causes the action to

alert me? Let me know if I have everything straight or if I am missing

something. Thanks!

Russ..