Code license: New BSD License
Labels: LogCop, Linux, BSD, Solaris, OSX, ipfw, iptables, if, IDS, awk
Project owners:
  ciurana, alombardi
LogCop is a set of turn-key bash/firewall/awk scripts for enhancing an IDS. It monitors system logs and blocks IP addresses based on criteria such as illegal user names from repeated attacks, or invalid protocols knocking on given ports. It has been in production on Linux, FreeBSD, OS X and Solaris, on over 60 servers worldwide, since February 2005.

LogCop has helped its users reduce the number of SSH attacks on the servers where it runs by banning the attacker's IP address. The banning process leverages the packet firewalls built into the *NIX systems it supports.
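
A minimal sketch of the approach described above (scan sshd log lines for repeated invalid-user attempts, then ban the source address through the host firewall), added here as an illustration and not taken from LogCop's own scripts. The function names, the threshold and the log lines are constructed for the example, and the firewall rules are printed rather than applied.

```shell
#!/bin/sh
# Added illustration; not LogCop's code. All log lines are constructed
# and use RFC 5737 documentation addresses.
sample_log() {
cat <<'EOF'
Feb 10 03:14:01 host sshd[2211]: Invalid user admin from 203.0.113.7
Feb 10 03:14:03 host sshd[2213]: Invalid user test from 203.0.113.7
Feb 10 03:14:05 host sshd[2215]: Invalid user oracle from 203.0.113.7 port 40022
Feb 10 03:15:10 host sshd[2230]: Invalid user guest from 198.51.100.23
Feb 10 03:15:12 host sshd[2231]: Invalid user x from 192.0.2.10 from 198.51.100.23
Feb 10 03:16:00 host sshd[2240]: Accepted publickey for deploy from 192.0.2.10 port 50514 ssh2
EOF
}

# offenders MIN: read sshd log lines on stdin; print every source IP
# with at least MIN "Invalid user" attempts (hypothetical helper).
offenders() {
  awk -v min="$1" '
    /sshd\[[0-9]+\]: Invalid user / {
      ip = ""
      # The user name is attacker-controlled and may itself contain
      # "from <addr>", so take the address after the LAST "from".
      for (i = NF - 1; i >= 1; i--)
        if ($i == "from") { ip = $(i + 1); break }
      # Count only dotted-quad IPv4 so no other log text reaches a rule.
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
    }
    END { for (ip in count) if (count[ip] >= min) print ip }
  ' | sort
}

# ban_rules BACKEND: turn IPs on stdin into firewall commands for
# iptables or ipfw. Commands are printed for review, not executed.
ban_rules() {
  while read -r ip; do
    case "$1" in
      iptables) echo "iptables -I INPUT -s $ip -j DROP" ;;
      ipfw)     echo "ipfw add deny ip from $ip to any" ;;
      *)        echo "unknown backend: $1" >&2; return 1 ;;
    esac
  done
}

sample_log | offenders 3 | ban_rules iptables
```

The fifth sample line shows why the parser reads the last `from`: a crafted user name would otherwise get an uninvolved address (here the one used by the legitimate `deploy` login) counted toward a ban.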

Hosted by Google Code