This little program is used on our servers to check whether anybody is trying to break in by guessing passwords for common usernames, so-called "dictionary attacks".
The taillog script watches the log file where ssh records its successful and unsuccessful login attempts, usually /var/log/auth.log, remembers the IP address of each successful and unsuccessful attempt, and keeps a count per address.
Offenders who are logged more than 3 times (meaning they have provided the wrong password more than 9 times) are routed to, making it impossible for them to communicate with the server again.
As a precaution, legitimate IP addresses of successful logins are automatically whitelisted.
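
The counting and whitelisting logic described above, as an added Python sketch (not the taillog script's own code). Assumptions: the function name `scan`, the constructed sample log, and the choice to count sshd's `Failed password` lines, since the text does not say which log line the script counts; it stops at deciding which addresses would be blocked.

```python
import re
from collections import Counter

# Constructed sample in the usual sshd auth.log format (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Accepted password for alice from 192.0.2.10 port 50001 ssh2
Mar  3 10:00:05 host sshd[102]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:07 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:09 host sshd[103]: Failed password for alice from 192.0.2.10 port 50002 ssh2
Mar  3 10:00:10 host sshd[103]: Failed password for alice from 192.0.2.10 port 50002 ssh2
Mar  3 10:00:11 host sshd[103]: Failed password for alice from 192.0.2.10 port 50002 ssh2
Mar  3 10:00:12 host sshd[104]: Failed password for alice from 192.0.2.10 port 50003 ssh2
Mar  3 10:00:15 host sshd[105]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:17 host sshd[105]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:20 host sshd[106]: Failed password for bob from 198.51.100.4 port 41000 ssh2
"""

# Greedy ".*" plus the "$" anchor take the address from the END of the line,
# so text inside the username field cannot be parsed as the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+ ssh2")

def scan(lines, threshold=3):
    """Return (offenders, whitelist); an offender has MORE than `threshold` failures."""
    failures, whitelist, offenders = Counter(), set(), set()
    for line in lines:
        line = line.rstrip()
        ok = ACCEPTED.search(line)
        if ok:
            # A successful login whitelists the address and clears its count.
            whitelist.add(ok.group(1))
            failures.pop(ok.group(1), None)
            continue
        bad = FAILED.search(line)
        if bad and bad.group(1) not in whitelist:
            failures[bad.group(1)] += 1
            if failures[bad.group(1)] > threshold:
                offenders.add(bad.group(1))
    return offenders, whitelist

if __name__ == "__main__":
    offenders, whitelist = scan(SAMPLE_LOG.splitlines())
    print("would block:", sorted(offenders), "whitelisted:", sorted(whitelist))
```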