Hi,

I just tried this (sid) and couldn't reproduce it. I run

echo 'Jan 15 18:12:30 kiezmar kernel: gShield (default drop) IN=eth0 \
OUT= MAC=<the_mac_address> SRC=61.184.107.7 DST=83.14.195.50 LEN=40 \
TOS=0x00 PREC=0x00 TTL=103 ID=256 PROTO=TCP SPT=58588 DPT=3306 \
WINDOW=16384 RES=0x00 SYN URGP=0' >> /var/log/messages

(That's your log entry with today's time)

And after the second run (alert_threshold=2) the response_script was
executed:

Jan 15 18:13:38 var fwlogwatch: ALERT: 2 attempts from 61.184.107.7

Are you using the -E option?
What are the parameters for your -P option?

Thanks,

Alberto

--
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| in GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3