I'm a newbe to logcheck and need some help writing a rule.<br><br>Here's the output I'm trying to block:<br><br>Nov 1 09:11:52 m0n0wall ipmon[79]: 09:11:52.330133 xl0 @100:3 p <a href="http://192.168.2.201">192.168.2.201
</a>,1900 -> <a href="http://239.255.255.250">239.255.255.250</a>,1900 PR udp len 20 291 K-S IN<br><br>And here's my rule in /etc/logcheck/violations.ignore.d/local-m0n0<br><br>^\w{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]: [0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{6} xl0 @100:3 p 0-9]\.[0-9]\.[0-9]\.[0-9],1900 -> [0-9]\.[0-9]\.[0-9]\.[0-9],1900 PR udp le9n 20 291 K-S IN$
<br><br>The rule is on one line in the single file (it's the only rule in the file)<br><br>I've tested it using:<br><br>sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep '^\w{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]:
[0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{6} xl0 @100:3 p
0-9]\.[0-9]\.[0-9]\.[0-9],1900 -> [0-9]\.[0-9]\.[0-9]\.[0-9],1900 PR
udp le9n 20 291 K-S IN$'<br><br>and it prints out the data I wish to block.<br><br>Anyone have any ideas?<br><br>Thanks,<br><br>Denis<br><br>