Splunk has this capability via its Google Maps addon that allows you to map IP addresses that show up in your syslog. That way you can pinpoint geo locations of attacks such as scans.
Do you guys have any suggestions as to if and how this can be done with just a regular syslog server such as syslog-ng or a syslog software collecting the logs? How would you go about performing reverse lookups on the syslogs?
We have an ASA device that we want to analyze syslogs from to get a better idea about the location of external attacks.
These services use a Geo-IP database to do their lookups of IP addresses to physical locations. Some databases are cheap, some are (very) expensive - it depends on the level of granularity you want.
As to how to actually do this, I'm afraid I can't shed much light. I would extract each line into a database and do lookups against a GeoIP table - but there's possibly more efficient ways of doing it.