thorough documentation - too much to ask for?
besides the lack of explaining what the log levels are, why not fully disclose reference info on the various messages one might see with an explanation of how one might use them to administer one's network?
for example, what are these security warnings telling me?
Mar 30 23:54:01 - ipt_tcpmss_target: bad length (48 bytes)
Mar 30 19:57:07 - 23 DPT#0 WINDOWX40 RES=0x00 SYN URGP=0