> I don't think this is an ASSP issue rather a fail2ban one

Actually, I don’t think that’s exactly true. fail2ban, which has done 
incredible things to keep my server calm in the face of so many different kinds 
of attacks, works because it monitors a lower-level routine that is, IIRC, part 
of *nix. That routine sets a flag when a log file is changed, and fail2ban 
triggers off that flag being set. 

There are three processes in the chain: 1) the source updating a log file, 2) 
the routine that triggers each time that log file is changed, and 3) fail2ban, 
which notes the change flag for the log. The directory process kicks off each 
time the log is changed, too. Given that I can’t change the lower-level routine 
that, in effect, announces any changes to log files, my only choice is to 
change the write frequency. The more I think about it, though, I likely don’t 
need or want to leave it more than a few seconds, say two to five, rather than 
the 30+ I was originally envisioning. 

For example, the reason I’ve been considering this is that I have an old and, 
by today’s standards, not very fast server that usually has a small load. The 
SMTP incoming messages usually average about 250 per day. In the past ten days, 
however, the rate has been around 5,000 per day. Some IPs come in only once, 
but many do not. The ipfw list from SMTP connexions has risen in that period 
from about 20 to up to about 1,000. 

I can reduce the time that each IP is blocked, but that only gains me a shorter 
ipfw list. ipfw is definitely not the CPU-load-causing process. The 
load-causing process is the directory service that is kicked off each time a 
log file is changed. :-/ 

T.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test