2000-02-25T00:04:57Z
Date: Thu, 24 Feb 2000 23:04:57 +0200

Your rule description, including the substring specification (as long as
'regular expression' is un-checked), seems to be correct.
What kind of trouble do you have? Are no syslog messages processed? Do the
following: Define a new rule without any explicit condition and associate an
action (log to file) with it. By doing this you can check if SL4NT is
receiving any messages and by looking into the log file you may maybe detect
why your explicit conditions are not correct. You can also use perf counters
to verify if syslog messages are received.

Franz


"Russell Lusignan" <russell.lusignan@allianceatlantis.com> wrote in message
news:C1CEE8E342DDD111A5720020AFE7798F170FB8@is1.netal.com...
> Hey all,
>
> I am playing around sl4nt and I am having some trouble... For example, I
> have set up our VPN box's syslog host to target my machine for debug
> messages. I have set up a rule on sl4nt (which is running on my machine) to
> receive messages. The Priority is set to Min: Debug, Max: Emergency. The
> Destination IP is my machine's address, and the Source IP is that of the VPN
> interface. I am not too clear as to what I should enter in the Substring
> field. Should I enter the exact debug message or a portion of what appears
> on the console if I am viewing debug messages? For example, if interface 0
> drops, and the debug message is: "[debug] int 0 disconnected," can I put in
> the substring field "int;disconnected" ..which then causes the action to
> alert me? Let me know if I have everything straight or if I am missing
> something. Thanks!
>
> Russ..
>

