On Tue, 26 Oct 2004 14:51:59 +0100, Ivan Ristic <[EMAIL PROTECTED]> wrote:
>
> Sure, you may need to have some logic to determine what makes
> an attack and what not, but you must have the log entry to
> begin with so you feed it to the algorithm.

Something I'm still curious about: Was the logging with Apache 1.3 not sufficient (logging only for the timeout error)? It still seems that Apache 2 is going to be logging more than Apache 1.3, which is something that deserves a bit of scrutiny.