I run a number of machines and have found a little Perl script to be excellent for this sort of thing.

From the log-guardian.pl script:

"This script lets you monitor one or more log files in an endless loop, a la tail -f. As lines are added to the files, they are compared to one or more patterns specified as Perl regular expressions. And as matches are found, the script reacts by running a block of Perl code. Thus, for example, you could use log-guardian to monitor web logs for problematic behaviour and add troublesome hosts to a blocklist dynamically. You could even use it as a port knocking server"

http://www.tifaware.com/perl/log-guardian/

I have it set to monitor rejectlog for both RBL failures and MX-points-to-localhost, which is a sure sign that the recipient is not one of yours.

3 strikes and they're out - blocked by iptables.

I release the iptables list every 4-12 hours depending on how busy the machine is or how fast its CPU is. I've seen 10,000 plus addresses in the block list, which on one of my slower machines pretty much brings it to a stop - that was after about 5 hours of non-stop hammering by the droids.

I accumulate a list of the blocked IP addresses and modified the script to ignore ones in my allow-list just in case.

If people are interested I'll make a couple of versions available - there are subtle differences for older (RH-9 and FC-1) and newer (FC-4/5) operating systems.

I also use it to monitor proftpd for failed logins. Been getting lots of them lately too.

richard

--
Richard C. Pitt
Pacific Data Capture
[EMAIL PROTECTED]
604-644-9265
http://richard.pacdat.net
www.pacdat.net
PGP Fingerprint: FCEF 167D 151B 64C4 3333 57F0 4F18 AF98 9F59 DD73
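The three-strikes counting with an allow-list described in the message above, as an added Python example (not log-guardian itself and not the poster's modified script). The reject wording, the sample log lines and the MAILBLOCK chain name are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed reject texts; the real wording depends on the ACL messages in your Exim config.
REASONS = re.compile(r"is in a black list|MX points to localhost", re.I)
# Peer address: the bracketed token after H=, skipping the HELO name, which the
# sender controls and which may itself be an address literal such as ([198.51.100.7]).
PEER = re.compile(r" H=(?:\S+ )*?\[([0-9A-Fa-f.:]+)\]")
CHAIN = "MAILBLOCK"  # hypothetical dedicated chain, so a release is one flush

def offenders(lines, allow=(), threshold=3):
    """Peers with at least `threshold` matching rejects, allow-listed networks excluded."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    strikes = Counter()
    for line in lines:
        peer = PEER.search(line)
        if not peer or not REASONS.search(line):
            continue
        try:
            ip = ipaddress.ip_address(peer.group(1))  # only parsed addresses reach iptables
        except ValueError:
            continue
        if not any(ip in net for net in allowed):
            strikes[str(ip)] += 1
    return sorted(ip for ip, n in strikes.items() if n >= threshold)

def block_commands(ips):
    """argv lists for subprocess.run (no shell); nothing is executed here."""
    return [["iptables", "-A", CHAIN, "-s", ip, "-j", "DROP"] for ip in ips]

RELEASE = ["iptables", "-F", CHAIN]  # the periodic release of the whole list

def _line(helo, ip, reason):  # constructed sample line in Exim rejectlog shape
    return (f"2006-05-01 10:00:00 H={helo} [{ip}] F=<a@x.example> "
            f"rejected RCPT <u@mine.example>: {reason}")

SAMPLE = (
    [_line("(bot.example)", "203.0.113.5", "203.0.113.5 is in a black list at rbl.example")] * 2
    + [_line("([198.51.100.7])", "203.0.113.5", "MX points to localhost")]
    + [_line("(partner.example)", "192.0.2.10", "MX points to localhost")] * 3
    + [_line("(once.example)", "198.51.100.9", "MX points to localhost")]
)

if __name__ == "__main__":
    for argv in block_commands(offenders(SAMPLE, allow=["192.0.2.0/24"])):
        print(" ".join(argv))
```

Counting only the connecting peer, never the HELO text, keeps a sender from getting a third party's address blocked by announcing it as an address literal.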
