I am new to SentryPeer, but not to honeypots, firewalls etc.

My favorite tools are netfilter and fail2ban. I would like SentryPeer to work easily with fail2ban. That should be simple. Just syslog() the attackes, let syslog add the date stamp.

A typical one line log might look like:

sentrypeer: fromip: 192.168.1.1 type: UDP message: {REGISTER|OPTIONS} agent: sipvicious

With that I can write a fail2ban rule, block them, and report them, automagically.