help with interpreting log

[<tonycowling () sympatico ca>]

for example I have these type logs from hotmail
 
[**] (http_inspect) DOUBLE DECODING ATTACK [**]

what more should I include for someone to shed light on an example log?
Is this something to be concerned about other than the fact that it is hotmail for example?

I also have entries that start with:
[**] (portscan) Open Port [**]

Looks like a connection started by someone within my network.
What is the best way to start to get info on interpreting logs?




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users