On Thursday, February 23, 2006, 5:48:55 AM, Kevin wrote:

KR> So when I asked how I would send in false positives, someone mentioned
KR> that I should look up the appropriate log entry and send that in. That
KR> brings up another question.  My log file is 270MB and climbing.  I've 
KR> never opened it cause it's too big.  Do you have a reader for your log
KR> files?

I recommend you delete your current log - or at least set it aside
until you've completed work on the FPs in question. There are editors
out there (I like SlickEdit) that will handle files that large.

That said, your log file should never get that large. You should
rotate it out and send it to us once a day or so.

There are some scripts to handle that for you:

http://www.sortmonster.com/MessageSniffer/Help/AutomatingUpdatesHelp.html

Details about your log file are here:

http://www.sortmonster.com/MessageSniffer/Help/LogsHelp.html

KR> I think it would be nice to have a little list of things to do to send
KR> in false positives:


KR> 1. Have your users send you the false positive.  Save it as an .eml file (?)
KR> 2. Look up (somehow) the entry in your log file that corresponds to that
KR> .eml file.  Copy and paste that text into a new email.
KR> 3. Send an email from your primary Sortmonster email address, attaching
KR> the .eml file and any log portion as necessary.

KR> Is this correct?

Everything you want to know about false positives (most likely) is on
this page - including step-by-step instructions:

http://www.sortmonster.com/MessageSniffer/Help/FalsePositivesHelp.html

_M


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html
