Jason Haar wrote: > On Mon, Sep 29, 2003 at 09:47:47AM -0400, Jesse Guardiani wrote: >> Why not? I think it's useful to log the TCPREMOTEHOST and TCPREMOTEIP. >> That way you can be 100% sure that a virus is coming from a computer >> on your local network, and that it's not forged. > > That's what the RC:[01] value is for!!!
Yeah, great. I know it came from a local network. But what IP address? What user? I can't answer those questions without an IP address/host name. > BTW: syslog records can not be infinite in length. That's why a lot of > information is never going to show up in the Q-S logs. There just isn't > room... Sure. Perhaps we should allow logging to be customized then. That wouldn't be too hard to do with Perl. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
