Hi All, The summary reports that are emailed hourly contain service listings (e.g. port 80 HTTP). Are there processors that match the service to the port based upon packets seen or is this just based off of /etc/services or the like? I ask as syslog is being noted on port 514 but not being noted as syslog. Cheers, Harry