Logscan enables the generation of email responses to security threats or attacks.
One of the most interesting features of Logscan is "whois," a module/library built into the software. This module draws inspiration from the work of Scott Hassan and is designed to traverse a tree of different whois servers until it finds the relevant whois record for the ISP of the offending IP. From here, it is possible to grab the emails of the responsible admins. It is anticipated that this feature will continue to evolve over time and grab other relevant information from the whois record as it becomes available.
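The referral walk described above, as an added example in modern Python 3; it is not Logscan's own code or Scott Hassan's. The function names, the `whois.iana.org` starting point, the referral field names matched and the sample responses are assumptions made for illustration.

```python
import re
import socket

# Referral fields assumed here: IANA-style "refer:" / "whois:" and ARIN-style
# "ReferralServer: whois://host[:port]". Only hostname characters are captured.
REFERRAL_RE = re.compile(
    r"^[ \t]*(?:refer|whois|ReferralServer):[ \t]*(?:r?whois://)?([A-Za-z0-9.-]+)",
    re.IGNORECASE | re.MULTILINE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def query_whois(server, ip, timeout=10):
    """Plain whois lookup: send the query on TCP port 43 and read until EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def find_contacts(ip, root="whois.iana.org", query=query_whois, max_hops=5):
    """Follow referrals starting at `root`; return (servers visited, contact emails)."""
    server, path, emails = root, [], []
    # Responses are untrusted input: cap the hop count and never revisit a server.
    while server and server not in path and len(path) < max_hops:
        path.append(server)
        text = query(server, ip)
        found = EMAIL_RE.findall(text)
        if found:
            emails = found  # the deepest server that lists contacts wins
        m = REFERRAL_RE.search(text)
        server = m.group(1).lower() if m else None
    # De-duplicate and put abuse@ addresses first.
    return path, sorted({e.lower() for e in emails},
                        key=lambda e: (not e.startswith("abuse"), e))

# Constructed whois responses (not real registry data) so the walk runs offline.
SAMPLE = {
    "whois.iana.org": "% IANA WHOIS server\nrefer:        whois.registry.example\n",
    "whois.registry.example": "NetRange: 192.0.2.0 - 192.0.2.255\n"
        "OrgTechEmail: hostmaster@registry.example\n"
        "ReferralServer: whois://whois.isp.example:43\n",
    "whois.isp.example": "netname: EXAMPLE-ISP\nOrgAbuseEmail: abuse@isp.example\n"
        "tech-c email: noc@isp.example\nrefer: whois.registry.example\n",
}

def offline_query(server, ip):
    return SAMPLE[server]
```

Calling `find_contacts("192.0.2.10", query=offline_query)` walks the three constructed servers and stops when the last one refers back to a server already visited.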
Logscan requires Python 1.5.2 to run. Installation is relatively straightforward, and a Makefile automates the process. The installation steps in the Makefile copy the Logscan files to the relevant directories and create a directory where additional Logscan configuration files can reside.
Overall, Logscan is an essential tool for any security-conscious company or organization. Its ability to scan logs for security probes and attacks and generate emails based on pre-determined templates is invaluable. The addition of the "whois" module also adds significant functionality to the software, allowing users to quickly identify and contact the relevant ISP admins as needed.
Version 0.4: N/A