home firewall log tweaking

When you configure your home firewall, do you log everything?

I like to poke around in my firewall logs... but its a lot of the same.
Scans for port 137,139,1026,1027,1433,1444, etc.
You know the drill. With all that in there, it becomes very boring looking through.

So, I decided to just not log those specific ports denied inbound (the most common hit ports most likely generated by worms). I still log everything that is permitted inbound. A benefit of it might be that it'll use less resources sending those over to syslog?

Is that a stupid thing to do?

Now when I look at it... I'll notice the stuff that isn't so common. (generated by worms or scripts)
Not that I expect much...

i like to log it all then do 'find /I "allowed" firewall.log >allowed.txt. (or grep). i dont think syslog messages take up that much network bandwidth. naming each rule according to what its actually allowing/blocking helps make your searching easier. like including all traffic to remote 80 in a rule named 'Web'. then you can refine your search to "Rule 'Web': Permitted: Out TCP" or omit it. using a rule named 'all' for everthing that isn't already defined or is ambiguous by nature and putting it lowest on the list allows you to see just the non-common traffic.

logging everything can give you a better idea of whats going on when you see an entry that looks a little odd. you can then grep for all entries for that ip in the original log and see only those entries to get a bigger picture. kiddies try allot of the same things that worms do only more of them.

all this is probably not necessary and if its blocked its not anything to worry about but i still think its fun and it makes me feel in control.