Kerio Control would check remote log and implement user defined filter and actions, like enforcing / enabling specific firewall rule if a matching log entry is discovered.
Dmytro Gromov commented
Scans Kerio-log files and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally it's used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured.