Loggrep searches kernel log files for ipchains and iptables packet-log entries and can filter them by given fields (date, IP, port, ...). It also offers a rough (quasi) port-scan detection, a line count for the selected options, and HTML output.
It is written in C++, so it may not be as fast as needed, but it works fine with smaller files.


loggrep -h kernel

Feb 22 18:21:44  input  REJECT  eth0  PROTO=17  195.58.165.243  61943  xxx.186.xxx.1  123
Feb 22 18:34:51  input  REJECT  eth0  PROTO=6   216.40.101.84   2405   xxx.186.xxx.4  1080
Feb 22 18:34:51  input  REJECT  eth0  PROTO=6   216.40.101.84   2404   xxx.186.xxx.3  1080
Feb 22 18:34:51  input  REJECT  eth0  PROTO=6   216.40.101.84   2402   xxx.186.xxx.1  1080

Total: 842 lines.

loggrep -h -X kernel

SrcIP  Count
       303
       233
       30
       29
       29
       22
       17
       15
       15
       15

Total: 10 lines.
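As an added example (not loggrep's own code), a small C++ parser for the ipchains packet-log format shown in the first listing, with the per-source-IP count of the second listing and a simple quasi port-scan heuristic on top. The sample log lines, the host name `gw`, the trailing `L=` field and the scan threshold are constructed assumptions, modelled on the entries above.

```cpp
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>
// One ipchains packet-log entry, split into the columns loggrep reports.
struct Entry { std::string chain, target, iface, proto, srcIp, srcPort, dstIp, dstPort; };
// Parses a syslog line such as
//   Feb 22 18:34:51 gw kernel: Packet log: input REJECT eth0 PROTO=6 216.40.101.84:2405 xxx.186.xxx.4:1080 L=44
// and returns false for lines that carry no packet-log entry.
bool parseIpchains(const std::string& line, Entry& e) {
    const std::string marker = "Packet log: ";
    std::size_t pos = line.find(marker);
    if (pos == std::string::npos) return false;
    std::istringstream in(line.substr(pos + marker.size()));
    std::string src, dst;
    if (!(in >> e.chain >> e.target >> e.iface >> e.proto >> src >> dst)) return false;
    if (e.proto.compare(0, 6, "PROTO=") != 0) return false;
    e.proto.erase(0, 6);  // keep only the protocol number
    std::size_t c1 = src.rfind(':'), c2 = dst.rfind(':');
    if (c1 == std::string::npos || c2 == std::string::npos) return false;
    e.srcIp = src.substr(0, c1); e.srcPort = src.substr(c1 + 1);
    e.dstIp = dst.substr(0, c2); e.dstPort = dst.substr(c2 + 1);
    return true;
}
// Per-source summary: total hits plus the distinct destination host:port pairs touched.
struct SrcStats { int hits = 0; std::set<std::string> targets; };
std::map<std::string, SrcStats> summarize(const std::vector<std::string>& lines) {
    std::map<std::string, SrcStats> stats;
    for (const std::string& line : lines) {
        Entry e;
        if (!parseIpchains(line, e)) continue;  // not a packet-log line
        stats[e.srcIp].hits++;
        stats[e.srcIp].targets.insert(e.dstIp + ":" + e.dstPort);
    }
    return stats;
}
// Quasi port-scan heuristic (this example's own rule): report every source that
// hit at least `threshold` distinct host:port pairs.
std::set<std::string> suspectedScanners(const std::map<std::string, SrcStats>& stats, std::size_t threshold) {
    std::set<std::string> out;
    for (const auto& kv : stats)
        if (kv.second.targets.size() >= threshold) out.insert(kv.first);
    return out;
}
// Constructed sample log lines (not from the page), modelled on the entries shown above.
std::vector<std::string> sampleLines() {
    return {"Feb 22 18:34:51 gw kernel: Packet log: input REJECT eth0 PROTO=6 216.40.101.84:2405 xxx.186.xxx.4:1080 L=44",
            "Feb 22 18:34:51 gw kernel: Packet log: input REJECT eth0 PROTO=6 216.40.101.84:2404 xxx.186.xxx.3:1080 L=44",
            "Feb 22 18:34:51 gw kernel: Packet log: input REJECT eth0 PROTO=6 216.40.101.84:2402 xxx.186.xxx.1:1080 L=44",
            "Feb 22 18:21:44 gw kernel: Packet log: input REJECT eth0 PROTO=17 195.58.165.243:61943 xxx.186.xxx.1:123 L=76",
            "Feb 22 18:35:00 gw kernel: eth0: link up"};  // non-packet line, must be skipped
}
```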