blocking portsentry messages from logcheck, need help


bubba
11-28-2000, 12:02 PM
I am getting messages like this, 24 hours a day:

10.19.95.128/10.19.95.128 to UDP port: 69
Nov 20 23:05:30 cross portsentry[4086]: attackalert: Host:
10.19.95.128/10.19.95.128 is already blocked Ignoring

I REALLY want to block them from appearing in my logcheck messages. Now I get pages of mail and I am going to miss a real attack. This is already blocked, so it is about all I can do there. How can I prevent logcheck from reporting it?

Thanks!

Ice0
11-29-2000, 10:22 PM
Originally posted by bubba:

I am getting messages like this, 24 hours a day:

10.19.95.128/10.19.95.128 to UDP port: 69
Nov 20 23:05:30 cross portsentry[4086]: attackalert: Host:
10.19.95.128/10.19.95.128 is already blocked Ignoring
To stop logcheck from reporting attacks that are already blocked, you would add:

*portsentry*:*is already blocked*

To /usr/local/etc/logcheck.ignore

This should prevent these messages from appearing. If you need any more help you can email me at Ice0@btinternet.com

---
Ciao, Jamie
Ice0@btinternet.com
Power to the penguin!

bubba
11-30-2000, 12:01 PM
Thanks, I tried that, but I still get these messages:

Nov 30 08:01:51 cross portsentry[4086]: attackalert: UDP scan from host:
10.19.49.192/10.19.49.192 to UDP port: 69
Nov 30 08:01:51 cross portsentry[4086]: attackalert: Host:
10.19.49.192/10.19.49.192 is already blocked Ignoring

Anything else I can try to prevent these from being reported? I even tried adding this:

is already blocked Ignoring
and
Ignoring

To my logcheck.violations.ignore file.
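A way to try an ignore pattern against captured lines before relying on it, added here as an example (not posted by anyone in this thread). It assumes logcheck drops lines with `egrep -f` on the ignore file, as the classic Psionic logcheck.sh does, so each pattern is an extended regular expression; the sample log lines are constructed after the ones posted above.

```shell
#!/bin/sh
# Added example, not from the thread: try an ignore pattern against captured
# portsentry lines before putting it in logcheck.ignore.
# Assumption: logcheck drops lines with "egrep -f IGNOREFILE" (grep -E -f), as
# the classic Psionic logcheck.sh does, so each pattern is an extended regex.

# Constructed sample lines, modelled on the ones posted in the thread.
SAMPLE_LOG='Nov 30 08:01:51 cross portsentry[4086]: attackalert: UDP scan from host: 10.19.49.192/10.19.49.192 to UDP port: 69
Nov 30 08:01:51 cross portsentry[4086]: attackalert: Host: 10.19.49.192/10.19.49.192 is already blocked Ignoring
Nov 30 08:02:10 cross sshd[512]: Accepted publickey for admin from 10.19.1.5 port 40012'

# The pattern as suggested. In an extended regex "*" repeats the preceding
# character, so "portsentry*:*is" only matches "portsentr", some "y"s, some
# colons and then "is": the "[4086]: attackalert: Host: ..." part of a real
# syslog line can never fit between them.
GLOB_PATTERN='*portsentry*:*is already blocked*'

# Regex form of the same intent: drop only portsentry's "already blocked"
# notices and keep the scan alerts themselves.
ERE_PATTERN='portsentry\[[0-9]+\]: attackalert: Host: .* is already blocked Ignoring'

# count_ignored PATTERN: how many sample lines an ignore file holding PATTERN
# removes. Uses the same grep form logcheck does; a rejected pattern counts 0.
count_ignored() {
    pat_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$pat_file"
    n=$(printf '%s\n' "$SAMPLE_LOG" | grep -E -c -f "$pat_file" 2>/dev/null) || n=0
    rm -f "$pat_file"
    printf '%s\n' "${n:-0}"
}

# lines_kept PATTERN: what logcheck would still report after the ignore pass.
lines_kept() {
    pat_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$pat_file"
    printf '%s\n' "$SAMPLE_LOG" | grep -E -v -f "$pat_file" 2>/dev/null || true
    rm -f "$pat_file"
}

echo "pattern as posted removes: $(count_ignored "$GLOB_PATTERN") line(s)"
echo "regex pattern removes:     $(count_ignored "$ERE_PATTERN") line(s)"
echo "--- still reported with the regex pattern ---"
lines_kept "$ERE_PATTERN"
```

Because every line of the ignore file is a regex, a glob-style line with `*` standing for "anything" silently matches nothing, which is consistent with the messages still getting through; the regex form removes only the "already blocked" notice and leaves the scan alert itself reported.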