Hi, I could use a little help with some scripting. My perl/python is rudimentary, and bash not a lot better, but I'm sure this isn't too hard to do... We get a lot (read thousands a day) of these lines in logs on all the machines we support, including our own: Jul 6 16:53:24 xxx sshd[1628]: Invalid user chris from 202.202.43.110 It's a script kiddie trying to take advantage of an exploit in SSH. We use key-based authentication only, on SSH V2, so no real risk there, but it's annoying. What I'd like to do is monitor the logs for such a line (or maybe three on the trot), and immediately do this: /sbin/route add -host 202.202.43.110 reject which will lock them out until a restart. Any help appreciated! Cheers, Laurie. -- -------------------------------------------------------------------- Laurie Brown laurie@brownowl.com --------------------------------------------------------------------