Snort mailing list archives

ICQ rules


From: "Grotenhuis, Eric" <Eric.Grotenhuis () safelite com>
Date: Mon, 26 Nov 2001 08:53:53 -0500

Has anyone looked into rewriting the ICQ rule in the present ruleset?  Every
time you open a new ICQ message or receive one, it can kick off up to 10
alerts.  Get a dozen chatty users and you have a LOT of alerts quick.

I'm a rule writing rookie, but maybe we can change the way this works.
Maybe we can create a new rule that only logs the initial auth to ICQ's
servers instead of every time it pulls down a banner?

Just a thought.



Eric Grotenhuis
Network Analyst
Safelite Glass Corp
614.798.2508