Logscan.py

Logscan.py [34 KB]

ftp://techweb.rfa.org/pub/utilities/logscan-0.4.tgz
http://techweb.rfa.org/util/logscan.html

“Logscan is a tool to assist in generating complaint emails in response to security probes or attacks. Logscan scans through logs looking for patterns and if certain thresholds are reached it sends a template email to the local administrators for approval. If the administrator sees the attack is not a mistake, they can forward the email to the ISP who owns the attacking IPs. Logscan has the beginnings of an interesting module/library called ‘whois’ which is loosely based on work by Scott Hassan (http://www.dotfunk.com/hassan/). This module traverses the tree of various whois servers until it finds the whois record for the ISP that owns the offending IP and then grabs the emails of the admins responsible there. As this module evolves it will grab other pieces of information from the whois record (unfortunately there appears to be a variety of formats for whois records).”
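The scan, threshold and draft-for-approval flow described in the quote, sketched as an added example; this is not Logscan's own code. The log format, the pattern table, the threshold of 3 and the example.org addresses are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
Mar  3 04:12:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Mar  3 04:12:03 gw sshd[811]: Failed password for admin from 203.0.113.7 port 4022 ssh2
Mar  3 04:12:05 gw sshd[812]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Mar  3 04:15:40 gw sshd[840]: Failed password for alice from 198.51.100.20 port 5100 ssh2
Mar  3 04:16:02 gw sshd[841]: Accepted password for alice from 198.51.100.20 port 5101 ssh2
"""

# Hypothetical pattern table: label -> regex with a named group "ip".
PATTERNS = {
    "ssh-auth-failure": re.compile(
        r"sshd\[\d+\]: Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "),
}

def scan(log_text, patterns=PATTERNS):
    """Return {ip: {label: [matching lines]}} for every pattern hit."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        for label, rx in patterns.items():
            m = rx.search(line)
            if m:
                hits[m.group("ip")][label].append(line)
    return hits

def over_threshold(hits, threshold=3):
    """Keep only sources whose total hit count reaches the threshold."""
    return {ip: dict(by_label) for ip, by_label in hits.items()
            if sum(len(v) for v in by_label.values()) >= threshold}

def draft_complaint(ip, by_label, admin="security@example.org"):
    """Build a draft for the local admin, who decides whether to forward it."""
    msg = EmailMessage()
    msg["To"] = admin
    msg["From"] = "logscan-example@example.org"
    msg["Subject"] = f"[review before forwarding] probe activity from {ip}"
    evidence = "\n".join(l for lines in by_label.values() for l in lines)
    msg.set_content(
        f"Source {ip} matched: {', '.join(by_label)}\n\nLog evidence:\n{evidence}\n")
    return msg

if __name__ == "__main__":
    for ip, by_label in over_threshold(scan(SAMPLE_LOG)).items():
        draft = draft_complaint(ip, by_label)
        print(draft["Subject"], draft.get_content(), sep="\n\n")
```

The single failed login from 198.51.100.20 stays below the threshold, so only 203.0.113.7 produces a draft, and that draft goes to the local administrator rather than to the ISP directly.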
