## Info ##
The idea behind log_watcher is to help stop those damn script kiddies.
Log_watcher watches /var/log/secure for "Illegal user" (aka someone tried
to log in as a non-existent user) and "Did not receive identification string"
(aka someone tried to log in without a username). When these things are
found, it gets the IP address from which the attempt came and drops it via
iptables. But it only drops port 22 on the WAN NIC from the source address.

This way, if need be, this address can still access your website, email
server, etc.

All blocks are logged in /var/log/log_watcher in this format:

Blocking [test1234] From Address [212.27.33.113] On [04-03-05]

All variables are surrounded by [] to help scripting for other apps.
The 3 variables are:
1. Tried & failed username
2. Source IP address
3. Date the attack was tried on
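
One way another app can consume this format, as an added example that is not part of log_watcher (the function names and every sample line except the first are constructed here). The username is whatever the remote client sent, so the pattern anchors the address and date to the end of the line; the date is kept as text because the page does not state its field order.

```python
import ipaddress
import re
from collections import defaultdict

# Username is greedy and the IP/date fields are anchored to the end of the
# line, so brackets inside the (remote-supplied) username cannot shift fields.
LINE_RE = re.compile(
    r"^Blocking \[(?P<user>.*)\] From Address \[(?P<ip>[^\[\]]+)\] "
    r"On \[(?P<date>\d{2}-\d{2}-\d{2})\]$"
)

def parse_line(line):
    """Return (user, ip, date) or None if the line is not a valid block entry."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # not a real address: do not pass it on to other tools
    # The date is kept as text; the page does not say which field is the day.
    return m.group("user"), str(ip), m.group("date")

def summarize(lines):
    """Map each blocked IP to the usernames and dates logged for it."""
    seen = defaultdict(lambda: {"users": set(), "dates": set()})
    rejected = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            rejected.append(line)
            continue
        user, ip, date = entry
        seen[ip]["users"].add(user)
        seen[ip]["dates"].add(date)
    return dict(seen), rejected

# Constructed sample; only the first line is the one shown on the page.
SAMPLE = [
    "Blocking [test1234] From Address [212.27.33.113] On [04-03-05]",
    "Blocking [admin] From Address [212.27.33.113] On [04-03-05]",
    "Blocking [x] From Address [10.0.0.1] On [01-01-01] y] From Address [192.0.2.7] On [05-03-05]",
    "Blocking [guest] From Address [999.1.1.1] On [05-03-05]",
]

if __name__ == "__main__":
    blocked, bad = summarize(SAMPLE)
    print(blocked, "rejected:", bad)
```
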

Now there is 1 feature and/or bug with this script. Restarting iptables
results in removing all the blocked IP addresses from being blocked. And again I do
say this is a feature and/or a bug depending on how you look at it.




## Install ##
1. Download file
2. Untar / gzip it
3. Move log_watcher.pl to where you'd like to run it from
4. Edit it to suit your needs
5. Start it (./log_watcher.pl)


## Requirements ##
1. Perl 5.8.0
2. tail
3. iptables


Versions :
log_watcher.tgz
Change Log :
## log_watcher 0.0 ##
Just released !!!

## log_watcher 0.1 ##
massive rewrite by David Goodwin (http://david.codepoets.co.uk)
addon : all options can be supplied from the command line

## log_watcher 1.0 ##
Massive updates
added : unblocking ips
added : resume unblocking on script restart
added : multi ports can be blocked
added : multi nics supported