On 1/19/21 2:33 AM, Dan Mahoney (Gushi) wrote:
> The snippet I showed included two or three seconds, which should have been
> enough to make a decision. It was more than the threshold of N hits in N
> seconds, certainly.
>

I did not realize the size of the problem. Your conjecture that f2b is too busy listing matched entries and never getting to banning may be valid.

You mention that just a single IP produced a 1.4G output. Perhaps f2b has a 2G file size issue?

We are currently using version 0.10.4; I believe the current stable version is 0.11.x. (There is even a 1.0 in the works.) Have you tried using a later version of f2b?

> If you'd like more log samples, I can get you them.
>

I was interested in the time between scans. Does f2b really just stop, ignoring the evidence? Or does it continually list discoveries without stopping?

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.