diff --git a/netlog/netlog b/netlog/netlog
index 75c47f7..f317b8e 100755
--- a/netlog/netlog
+++ b/netlog/netlog
@@ -86,7 +86,6 @@ our %LIMIT=(	# ( class => rate-limit , ... )
 	'TEST'=>new My::RateLimit(10,10),
 	'HARDERR'=>new My::RateLimit(1,14400),		# 1 in 4 h
 	'NACHTWAECHTER' => new My::RateLimit(10,3600),	# 10 in 1 h
-	'SUDO' => new My::RateLimit(30,60),
 	'CPING' => new My::RateLimit(1,86400),		# 1 in 24 h
 );
 
@@ -99,8 +98,6 @@ sub filter {
 
 	/^NETLOG/ and return 0;
 
-	$proc eq 'sudo' && !/pam_/ and return 'SUDO';
-
 	if ($proc eq 'clusterd') {
 		/DOWN|rebootet/ and return 'STATE';
 
@@ -137,7 +134,6 @@ sub filter {
 		/rcu_sched detected stalls/ and return 'RCUSTALL';
 		/invoked oom-killer/ and return 'OOMKILLER';
 	}
-	$proc eq 'su' and /^[+-]/ and return 'SETUSER';
 	if ($proc =~ /^imaps?/) {
 		 /bailing out/ and return 'IMAP_MAILBOX';
 		/error/ && !/tls_start_servertls/ and return 'IMAP_MAILBOX';
@@ -167,7 +163,7 @@ sub filter {
 
 	/remote fault/ and return 'REMOTE_FAULT';
 
-	if ($proc eq 'logwatcher') { # /project/admin/tools/logwatcher.pl on geniux
+	if ($proc eq 'logwatcher' && /block  IP/) { # /project/admin/tools/logwatcher.pl on geniux
 		return 'LOGWATCHER';
 	}