I've thought of it before and it is OK if that is what you want. For me, it's more important to know which services are "requested". The host report shows the offending addresses anyway; if you have an "incident" in the "Blocked Packet Report", you can find the address by the "last time" in the host report.
What you want is a detailed list of suspects with IP address and probed port. There are many firewall log summary programs for that; I wasn't happy with them as I don't see "the big picture" in such a report.
You are right, we could make it an option. That would break some reports, however; Analog is very flexible but it simply has no concept of what it should do with an IP address if it is not the requesting host but the requested target, for example.
-- _________________________________________________________________ Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763 Computers. You can't live with them, you can't live without them.
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 22:22:03 CEST