Is there a way to make logcheck react to something?
For example, let's say I notice a certain pattern to some of the logs, and I think I could easily program some kind of parser to recognize, and then do something, e.g. add a rule to iptables. Is there a way I can do this with logcheck?
I am not sure about log check, but if you set up Nagios monitoring you can also set up Event Handlers, which run scripts under certain conditions. It would be pretty easy write a script that checks the logs for Nagios, alerts for certain text, and then Nagios would run the event handler script. Although this is a bit involved, I think you might find many uses for Nagios. Here is the documentation for Nagios event handlers.
Another option might be to set up procmail and have it run scripts based on the email alert. This is described in the procmail faq under "How can I run an arbitrary Perl or shell script on all or selected incoming mail? "
For logcheck itself, it looks like there is -o option:
"-o STDOUT mode, not sending mail."
So you might be able to use that to pipe the output to a script that does that action you want if it finds the text, else it just sends the email as normal. But I have never experminted with that myself.
Hey-- old logcheck maintainer here. There is no built in way to do this, though you could hack it with a pipe/grep like Kyle suggested.