[Leaplist] fail2ban

[Kevin Inscoe]

Yeah agree with Phil most of these tools (think Swatch) do a Perl
equivalent of tail -f to the logs and only ingest what has not already
been seen. Forking in general is more expensive in cpu time and if you
really want to fine tune in demand zero memory pages where parsing a
log is trivial expense. But not to pick nits either way in reality
assuming your not running a 10 way load balancer (we are) you would
not notice the difference.

On Tue, Mar 9, 2010 at 6:02 PM, Phil Barnett <philb at philb.us> wrote:
> On Tue, 2010-03-09 at 13:29 -0500, Richard F. Ostrow Jr. wrote:
>> Hmm... I'm actually tempted to write something that actually does this
>> properly (ie, via a CLI that syslog can deal with directly, rather than
>> this stupid "I'm going to parse the whole log file every second, no matter
>> how large the log is and eat up all your processing time!" approach that
>> fail2ban uses). This really should be using a "push" pattern rather than a
>> "pull" pattern... it's just stupid going the other way.
>> On Tue, March 9, 2010 1:13 pm, Richard F. Ostrow Jr. wrote:
>
> I didn't see any indication that it is rescanning the entire log every
> second. If I has to do this task, the very least I would do is use the
> output of tail -f. And tee can also do this. And there are many other
> ways. I don't believe for a second that it is parsing the entire file
> each time it wakes up.
>
> That would be insane.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> Leaplist mailing list
> Leaplist at leap-cf.org
> http://lists.leap-cf.org/mailman/listinfo/leaplist
>



-- 
Kevin P. Inscoe      http://kevininscoe.com
Deltona, FL        kevin [at] inscoe [dot] org

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.