I first considered logsurfer+, but when I discovered that it didn’t come with any rules ready to go immediately, I switched to logsentry instead. While logsurfer+ has more gee-whiz options and capabilities, logsentry is dead simple to get going. logsentry starts out being overly verbose, but it’s simple to customize it. logsentry combined with some custom shell magic is a good choice for me. Inspiration came from Dave Taylor’s Linux Journal column, Work the Shell.
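#!/bin/sh
# Count firewall log entries per source IP, busiest sources first.
# Assumes SRC=<address> is the 8th whitespace-separated field of each line.
# $ACCESSLOG is left unquoted below so the shell expands the glob.
ACCESSLOG="/var/log/kernel/*"
/bin/egrep -h 'SRC=[0-9]{1,3}' $ACCESSLOG |
/bin/awk '{print $8}' |
/bin/sed 's/SRC=//g' |
/bin/sort |
/usr/bin/uniq -c |
/bin/sort -rn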
Don’t trust any code you see here. WordPress’s editor is too smart for its own good. There’s supposed to be a backslash at the end of each line except the last one, but the editor insists on escaping my escape sequences.
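The script above takes the source address from field 8, which only holds for one log layout. The following is an added example, not the author's script: it matches the SRC= token wherever it appears and applies an optional minimum count. The function names top_sources and sample_log and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count netfilter log entries per source address by matching
# the SRC= token itself, so the result does not depend on its field position.

# top_sources [MIN_COUNT]: read log lines on stdin and print "count address",
# highest count first, keeping only addresses seen at least MIN_COUNT times.
top_sources() {
    threshold="${1:-1}"
    awk -v threshold="$threshold" '
        {
            for (i = 1; i <= NF; i++) {
                # Accept only a token that is exactly SRC=<dotted quad>.
                if ($i ~ /^SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    count[substr($i, 5)]++
                    break
                }
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= threshold)
                    print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines using documentation address ranges. The second
# line carries a log prefix, so SRC= sits in a different field than in the
# first; the last line is not a firewall entry and must be ignored.
sample_log() {
    cat <<'EOF'
Jan  5 10:00:01 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22
Jan  5 10:00:02 fw kernel: [ 1234.5678] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40001 DPT=23
Jan  5 10:00:03 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.9 DST=192.0.2.1 LEN=60 PROTO=UDP SPT=5353 DPT=53
Jan  5 10:00:04 fw sshd[99]: Failed password for root from 203.0.113.7 port 40002 ssh2
EOF
}

sample_log | top_sources
```

Against real logs, feed the files in with something like `cat /var/log/kernel/* | top_sources 10` to list only sources seen ten or more times.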