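# ====================================================================================
# === PSAD setup:
# ====================================================================================
# These read as working notes rather than one script: run a section at a time, as root.

# Log packets traversing the FORWARD and INPUT chains with a PSAD_ prefix.
# Inserted at position 1, the LOG rule also sees traffic that later rules accept,
# so log volume can be high. Rules added this way cover IPv4 only and do not
# survive a reboot unless they are saved separately.
iptables -I FORWARD 1 -j LOG --log-prefix "PSAD_FORWARD "
iptables -I INPUT 1 -j LOG --log-prefix "PSAD_INPUT "

# Send kernel messages to psad's named pipe. The kern.info selector matches
# priority info and above, which covers the LOG target's output.
# Guarded so that re-running the note does not append a duplicate line; rsyslog
# has to be restarted before the new line takes effect.
# NOTE(review): newer psad releases can read the syslog file directly
# (ENABLE_SYSLOG_FILE in psad.conf) - check which mode this host uses.
psad_fifo_rule='kern.info |/var/lib/psad/psadfifo'
grep -qxF -- "$psad_fifo_rule" /etc/rsyslog.d/50-default.conf 2>/dev/null ||
  printf '%s\n' "$psad_fifo_rule" >> /etc/rsyslog.d/50-default.conf

# Strip the PSAD_ packet-log lines from a file named "syslog" in the current
# directory. Use a copy made for review: sed -i replaces the file through a
# temporary file and rename, so a daemon still writing to a live log keeps the
# old inode, and the deleted lines are no longer available as evidence.
sed -i '/PSAD_/d' syslog

# Unique successful public-key SSH logins found in the same file.
# Fields 6-11 are "Accepted publickey for USER from ADDRESS" when lines carry the
# traditional "Mon DD HH:MM:SS host sshd[pid]:" prefix; another timestamp format
# shifts the columns.
awk '/Accepted publickey/ {print $6" "$7" "$8" "$9" "$10" "$11}' syslog | sort -u

# == Do not write iptables logs to kern.log: ==
# Edit /etc/rsyslog.conf (or a file under rsyslog.d/?) and use this selector:
#   kern.*;kern.!info -/var/log/kern.log
# NOTE(review): read as a classic syslog selector this removes every kernel
# message at priority info or higher from kern.log, not only the iptables lines.
# Confirm those messages are still kept somewhere else, or filter on the PSAD_
# prefix instead.

#######################################
# Print column 1 of the ten lines with the largest numeric column 3.
# Arguments: $1 - path to a psad top_attackers file
# Outputs:   one value per line on stdout, smallest of the ten first
#######################################
psad_top_sources() {
  sort -k3 -n -- "$1" | tail -n 10 | awk '{print $1}'
}

# whois records of those sources, then the organisation lines.
# The list path is relative, so run this from the directory holding top_attackers.
# The output file is rewritten on every run instead of appended to, so results
# from earlier runs no longer pile up in it.
# OrgName is the ARIN-style label; records from other registries may name the
# owner differently, so a missing line does not mean there is no owner.
psad_top_sources top_attackers | while IFS= read -r src; do
  cat -- /var/log/psad/"$src"/*whois
done > /root/11.txt
grep OrgName /root/11.txt

# Same lookup with an absolute list path; /root/packet_ctr.txt is only scratch here.
psad_top_sources /var/log/psad/top_attackers | while IFS= read -r src; do
  cat -- /var/log/psad/"$src"/*whois
done > /root/packet_ctr.txt
grep OrgName /root/packet_ctr.txt

# Per-source packet counters for the same ten sources, each preceded by its
# address. A single truncating redirect replaces the earlier rm + append, which
# failed when the file did not exist yet.
psad_top_sources /var/log/psad/top_attackers | while IFS= read -r src; do
  printf '%s\n' "$src"
  cat -- /var/log/psad/"$src"/*packet_ctr
done > /root/packet_ctr.txt
cat /root/packet_ctr.txt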