Security Basics mailing list archives

log monitoring, changing iptables


From: Tom Boulay <tboulay () biomail ucsd edu>
Date: 22 Nov 2004 18:09:05 -0800

Hi,
        I'm sorry if this is overly simple, I'm just new to it.  I'm trying to
figure out a way to monitor my system logs and use that information to
ignore traffic from an IP address for, say, 15 minutes after three
failed login attempts.  My machine (2.4.x) only has ssh listening.  My
logs seem to have some marathon repeated root login attempts on the
weekends, and I would like to discourage those by including the 15
minute delay.  How would I monitor the /var/log/messages?  Do I need to
use something like sec?

Thanks,
Tom
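
A defender's sketch of the counting logic the question describes, added here as an example and not part of Tom's post or the thread: it replays sshd log lines, counts "Failed password" events per source address in a sliding window, and emits the iptables insert plus the delayed delete that implements the 15-minute block. The sample lines, the year, the addresses and the rule form (DROP on tcp/22, removed later with `at` or a sleeping helper) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd syslog lines (not from the post); the source address on
# each "Failed password" line is all the counter needs.
SAMPLE_LOG = """\
Nov 20 02:15:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 20 02:15:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 40131 ssh2
Nov 20 02:15:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 40140 ssh2
Nov 20 02:15:12 host sshd[1207]: Failed password for root from 203.0.113.7 port 40151 ssh2
Nov 20 02:40:00 host sshd[1301]: Failed password for tom from 198.51.100.9 port 51000 ssh2
""".splitlines()

FAILED = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def plan_bans(lines, year=2004, max_failures=3,
              window=timedelta(minutes=15), ban=timedelta(minutes=15)):
    """Replay log lines; return [(ip, ban_start, ban_end)] for every block decided.
    Failures count per address in a sliding window, so three failures spread over
    a day never trigger; while an address is blocked its further lines are skipped.
    syslog timestamps carry no year, so the caller supplies one."""
    failures = defaultdict(deque)
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue  # already dropped by the firewall; ignore leftover lines
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > window:   # forget failures older than the window
            recent.popleft()
        if len(recent) >= max_failures:
            banned_until[ip] = ts + ban
            recent.clear()
            bans.append((ip, ts, ts + ban))
    return bans

def iptables_commands(bans):
    """What a root-privileged driver would run: insert the DROP rule at ban_start
    and delete the identical rule at ban_end (for example scheduled with `at`)."""
    out = []
    for ip, start, end in bans:
        rule = f"-s {ip} -p tcp --dport 22 -j DROP"
        out.append((start, f"iptables -I INPUT {rule}"))
        out.append((end, f"iptables -D INPUT {rule}"))
    return out
```

Run it against the tail of /var/log/messages (or `tail -F` piped into it) and hand the resulting commands to a privileged runner; `sec` would do the same windowed counting with its own rule syntax.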

