
On December 15, 2003 07:04 am, GDHough wrote:
> After I get the common ports catalogued, I hope to use diff to find what's
> left-over and flag those lines with same source and destination ports. Can I
> simplify the above and thus remove much of the sleep in the script?

Yes, use logcheck (or similar) program to do the job for you.

> Shouldn't grep DPT=22\> work? That's what I'm seeing in the man page.

You are searching for DPT=22> ... there is no > in the iptables. You could
search for port number followed by a space.

grep 'DPT=22 ' /var/log/messages

--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>
http://www.wehave.net/
Georgetown, Ontario, Canada
Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
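
The two tasks discussed in this thread, as a shell example added here (not code from either poster): matching an exact destination port with a quoted `\>`, and flagging lines whose SPT equals DPT. The log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample iptables LOG lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Dec 15 07:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN
Dec 15 07:01:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40113 DPT=2222 WINDOW=5840 SYN
Dec 15 07:01:09 fw kernel: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40114 DPT=220 WINDOW=5840 SYN
Dec 15 07:01:12 fw kernel: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 15 07:01:15 fw kernel: IN=eth0 OUT= SRC=192.0.2.14 DST=198.51.100.5 LEN=60 PROTO=UDP SPT=5353 DPT=22
EOF
}

# Count lines whose destination port is exactly $1 (22, not 220 or 2222).
# The pattern is quoted: unquoted, the shell strips the backslash from \>
# and grep is asked to find a literal ">" that never appears in the log.
count_dpt() {
    case $1 in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    grep -c "DPT=$1\>"
}

# Print lines whose source and destination ports are equal.
same_port_lines() {
    awk '{
        spt = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SPT=[0-9]+$/) spt = substr($i, 5)
            if ($i ~ /^DPT=[0-9]+$/) dpt = substr($i, 5)
        }
        if (spt != "" && spt == dpt) print
    }'
}

sample_log | grep -c 'DPT=22'     # 4: also counts DPT=2222 and DPT=220
sample_log | grep -c 'DPT=22 '    # 1: misses the line that ends at DPT=22
sample_log | count_dpt 22         # 2: exact port only
sample_log | same_port_lines      # the SPT=137 DPT=137 line
```
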