How to spot DDoS in /var/log/messages
Can anybody show me how to spot a DDoS / flood from /var/log/messages?

Mar 7 01:25:50 encapsulation kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=**myserver IP** DST=202.159.31.243 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=63179 DF PROTO=TCP SPT=80 DPT=36852 WINDOW=6972 RES=0x00 ACK URGP=0

What's that information?
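
Added example, not part of the original post: a Python script that parses netfilter LOG lines of the kind quoted above into fields and tallies dropped packets per remote peer, so repeated inbound sources stand out from outbound drops like the one in the post. The sample lines, the "IN_TCP DROP" prefix, the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG format of the line in the post.
# Addresses are RFC 5737 documentation ranges; "IN_TCP DROP" is an assumed prefix.
_IN = ("Mar  7 01:25:5{n} host kernel: ** IN_TCP DROP ** IN=eth0 OUT= SRC={src} "
       "DST=192.0.2.10 LEN=60 TTL=52 ID={n} DF PROTO=TCP SPT=4000{n} DPT=80 "
       "WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE = [
    "Mar  7 01:25:50 host kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=1500 TTL=64 ID=63179 DF PROTO=TCP SPT=80 DPT=36852 "
    "WINDOW=6972 RES=0x00 ACK URGP=0",
    _IN.format(n=1, src="203.0.113.5"),
    _IN.format(n=2, src="203.0.113.5"),
    _IN.format(n=3, src="203.0.113.5"),
    _IN.format(n=4, src="203.0.113.9"),
]

LINE_RE = re.compile(r"kernel:\s+(?P<prefix>.*?)\s*(?P<tail>IN=\S*\s+OUT=.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the fields of one netfilter LOG line, or None for other syslog lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    tail = m.group("tail")
    rec = dict(FIELD_RE.findall(tail))              # KEY=value pairs (SRC, DPT, ...)
    rec["prefix"] = m.group("prefix").strip("* ")   # text set by the logging rule
    rec["flags"] = {t for t in tail.split() if "=" not in t}  # DF, SYN, ACK, ...
    # An empty IN= means the packet was generated locally, i.e. it was leaving.
    rec["direction"] = "out" if rec.get("IN") == "" else "in"
    rec["peer"] = rec.get("DST") if rec["direction"] == "out" else rec.get("SRC")
    return rec

def summarize(lines):
    """Count logged packets per (direction, peer) and bare inbound SYNs per source."""
    per_peer, syn_only = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        per_peer[(rec["direction"], rec["peer"])] += 1
        if rec["direction"] == "in" and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            syn_only[rec["peer"]] += 1
    return per_peer, syn_only

def noisy_peers(lines, threshold):
    """Inbound sources logged at least `threshold` times (threshold is an assumption)."""
    per_peer, _ = summarize(lines)
    return sorted(p for (d, p), n in per_peer.items() if d == "in" and n >= threshold)
```

To run it on a real log, pass the open file instead of SAMPLE, for example noisy_peers(open("/var/log/messages"), 100).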