--- /usr/local/bin/pflogsumm	Sun Dec 30 15:00:19 2007
+++ /usr/local/bin/pflogsumm2	Sat Mar 15 00:37:57 2008
@@ -16,7 +16,7 @@
 	[--problems_first] [--rej_add_from] [--no_bounce_detail]
 	[--no_deferral_detail] [--no_reject_detail] [--no_no_msg_size]
 	[--no_smtpd_warnings] [--zero_fill] [--syslog_name=string]
-	[file1 [filen]]
+	[--limit_abs=<n>] [--limit_rel=<n>] [file1 [filen]]
 
     pflogsumm.pl -[help|version]
 
@@ -76,6 +76,13 @@
 		   use ISO 8601 standard formats (CCYY-MM-DD and HH:MM),
 		   rather than "Mon DD CCYY" and "HHMM".
 
+    --limit_abs=<n>
+    --limit_rel=<m>
+    
+                   For every group only show details on those lines which
+                   occur at least <n> times and contribute at least <m> percent
+                   to the group total.
+
     -m             modify (mung?) UUCP-style bang-paths
     --uucp_mung
 
@@ -363,7 +370,7 @@
 my $hasDateCalc = $@ ? 0 : 1;
 
 my $mailqCmd = "mailq";
-my $release = "1.1.1";
+my $release = "1.1.1mod";
 
 # Variables and constants used throughout pflogsumm
 use vars qw(
@@ -455,7 +462,7 @@
        [--problems_first] [--rej_add_from] [--no_bounce_detail]
        [--no_deferral_detail] [--no_reject_detail] [--no_no_msg_size]
        [--no_smtpd_warnings] [--zero_fill] [--syslog_name=name]
-       [file1 [filen]]
+       [--limit_abs=<n>] [--limit_rel=<n>] [file1 [filen]]
 
        $progName --[version|help]";
 
@@ -486,7 +493,9 @@
     "verbose_msg_detail" => \$opts{'verbMsgDetail'},
     "verp_mung:i"        => \$opts{'verpMung'},
     "version"            => \$opts{'version'},
-    "zero_fill"          => \$opts{'zeroFill'}
+    "zero_fill"          => \$opts{'zeroFill'},
+    "limit_abs=i"        => \$opts{'limit_abs'},
+    "limit_rel=f"        => \$opts{'limit_rel'}
 ) || die "$usageMsg\n";
 
 # internally: 0 == none, undefined == -1 == all
@@ -1289,11 +1298,21 @@
 sub really_print_hash_by_cnt_vals {
     my($hashRef, $cnt, $indents) = @_;
 
+    # recount total number of events in this group
+    my $total = 0;
+    $total += $_ foreach (values(%$hashRef));
+
+    # minimum number of occurances, absolute and relative
+    my $abs_limit = (defined $opts{'limit_abs'}) ? $opts{'limit_abs'} : 0;
+    my $rel_limit = (defined $opts{'limit_rel'}) ? ($opts{'limit_rel'} * $total) / 100 : 0;
+
     foreach (map { $_->[0] }
 	     sort { $b->[1] <=> $a->[1] || $a->[2] cmp $b->[2] }
 	     map { [ $_, $hashRef->{$_}, normalize_host($_) ] }
 	     (keys(%$hashRef)))
     {
+    # do not show events with only few occurances
+    next if ($hashRef->{$_} < $abs_limit || $hashRef->{$_} < $rel_limit);
         printf "$indents%6d%s  %s\n", adj_int_units($hashRef->{$_}), $_;
         last if --$cnt == 0;
     }