Date parsed: 2/24/2000 10:59:23 PM
Date: Thu, 24 Feb 2000 21:59:23 +0200
Hey all,
I am playing around sl4nt and I am having some trouble... For example, =
I
have setup our VPN box's syslog host to target my machine for debug
messages. I have setup a rule on sl4nt (which is running on my machine) =
to
receive messages. The Priority is set to Min: Debug, Max: Emergency. =
The
Destination IP is my machines address, and the Source IP is that of the =
VPN
interface. I am not too clear as to what I should enter in the =
Substring
field. Should I enter the exact debug message or a portion of what =
appears
on the console if I am viewing debug messages? For example, if =
interface 0
drops, and the debug message is: "[debug] int 0 disconnected," can I put =
in
the substring field "int;disconnected" ..which then causes the action to
alert me? Let me know if I have everything straight or if I am missing
something. Thanks!
Russ..