Im looking for something that allows me to be alerted when I get a scan or connection fail/attempt from a particular ip (one I would like to specify). I would like to be able to do it through the alerts stuff but it doesn't allow it. I have thought of logging to a database and writing a query that pulls that info and mails me when it happens, but that is somewhere I will only go if I really need to.. I'm eyeing Jim here with the possibility that a script can do it, but im not sure.. Any suggestions.. G