Hello Andrew, Tuesday, June 17, 2008, 4:41:41 PM, you wrote:
> Thanks, Pete. > I had very few actual hits; I have lots of lines that indicate the rule > panic in place, but the number of actual hits is quite small. > How I found my hits: > cd /d C:\MessageSniffer > gawk "($6 == \"Final\") && ($7 == 1940812)" *.20080617.log I haven't checked telemetry yet -- still very busy here battling the stock-push spam & other storms. However, you were likely protected by the Auto-Panic feature in the new SNF. The first time the bad rule hit a message with an IP source in the white range it would have been automatically added to your node's internal panic list rendering it inert. That probably explains why you have very few hits. Best, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
