Logscan provides a tool to generate emails in response to security probes or attacks.
Logscan is a tool to assist in generating complaint emails in response to security probes or attacks. Logscan scans through logs looking for patterns and if certain thresh-holds are reached it sends a template email to the local administrators for approval. If the administrator sees the attack is not a mistake they can forward the email to the ISP who owns the attacking IPs.
Logscan has the beginings of an interesting module/library called "whois" which is loosely based on work by Scott Hassan.
This module traverses the tree of various whois servers untill it finds the whois record for the ISP that owns the offending IP and then grabbing the emails of admins responsible there.
As this module evolves it will grab other pieces of information from the whois record (unfortunately there appears to be a variety of formats for whois records).
· python 1.5.2
The following steps have been summarized into a Makefile. Running "make
install" should do the same.
- Copy logscan.py file to a binary directory such as /usr/local/bin .
- Copy logscan.conf file to /etc .
- Create the directory /etc/logscan.d , or some directory where additional
logscan related configuration files can be located.
- Copy logscan_template.txt to /etc/logscan.d .
- If logcheck is not installed, copy logscan.violations.ignore to