SingleWithThreshold definitely throws away anything after the threshold of 5 is hit for the next 60 seconds. So you'd need to use a different kind of rule, I think. I'm not sure what, though. You could do it with some kind of external script that went and grabbed the lines from the original log file, but I'm not sure that is ideal.
Marty On Aug 2, 2010, at 4:06 PM, Jeff Schroeder wrote: > So after 5 events, a FIREWALL_BRUTE_FROM_220.136.15.64 context is > created. After 60 seconds have passed, it will shoot out an email. The > contents of that email contains the very first of the first 5 events, > and then anything that follows after the original context is created. ----------------------------------------------------------- Marty Hoff RGM Advisors 512-807-5512 [email protected] +1 512 807-5999 (operations hotline) +1 512 775-8422 (mobile) Always remember you're unique, just like everybody else. ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
