Peter wrote in
 <fac5405e-3511-6e99-492d-03cd4b653...@pajamian.dhs.org>:
 |On 27/08/20 6:41 am, Steffen Nurpmeso wrote:
 |> You know, i always could not understand why people use expensive
 |> logfile parsers to reach out for state that the server(s) had once
 |> they made their decision, which resulted in the logfile entry.
 |> That is just crazy.  Take this for example
 |
 |You can go a level up without having to involve Postfix and it's not so
 |expensive.  Many syslog daemons allow you to match certain lines and do
 |a call out to a shell function exactly the way you're asking.  For
 |example, rsyslog has a "Shell execute" action that does exactly this
 |which, when used in combination with an expression-based filter can do
 |call outs on exact events.

You will not see me doing such things.  I could also apply some
packet inspection, but definitely not that either.  DragonFly BSD has
created a special log file parser in C to reduce the overhead.
But that is not me.

I have never understood, and have always (many years) said that,
why no one ever came up with such a generic notification framework,
that can easily be used by all servers, because all servers need
it.  (More or less.  But true.)

I would have done blocklistd a bit differently, the "abusive
behaviour" event for example requires knowledge of the past.
It would be easier if we could send a "booking" event, and the
daemon would manage an address/counter pair.  Like this, events
from multiple servers would give an overall picture.  And if the
limit is exceeded, blocklistd could act autonomously.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
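
The "booking" idea from the message above, as an added sketch that is not part of the original post and is not blocklistd's actual interface: servers report bare events, and one daemon keeps the address/counter state and decides when to block. The class and method names, the limit, the time window and the per-/64 grouping of IPv6 addresses are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict, deque


class BookingDaemon:
    """Hypothetical aggregator: servers only report events, the daemon keeps history."""

    def __init__(self, limit=3, window=600.0, block=None):
        self.limit = limit      # bookings tolerated per address inside the window
        self.window = window    # seconds a booking stays on record
        self.block = block or (lambda key, services: None)  # stand-in for a firewall call
        self.events = defaultdict(deque)  # key -> deque of (timestamp, service)
        self.blocked = set()

    @staticmethod
    def key_for(address):
        """Normalise the address: IPv4 per host, IPv6 per /64 (assumed grouping)."""
        ip = ipaddress.ip_address(address)
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # ::ffff:a.b.c.d counts as the IPv4 host
        prefix = 64 if ip.version == 6 else 32
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def book(self, service, address, now):
        """Record one event; return True if the address is blocked afterwards."""
        key = self.key_for(address)
        if key in self.blocked:
            return True
        q = self.events[key]
        q.append((now, service))
        while q and q[0][0] <= now - self.window:
            q.popleft()          # forget bookings older than the window
        if len(q) > self.limit:  # limit exceeded: act without asking the servers
            self.blocked.add(key)
            self.block(key, sorted({s for _, s in q}))
            del self.events[key]
            return True
        return False


def demo():
    """Constructed events from three servers about one documentation-range address."""
    calls = []
    d = BookingDaemon(limit=3, window=600, block=lambda k, s: calls.append((k, s)))
    for t, service in enumerate(["smtpd", "sshd", "imapd", "smtpd"]):
        d.book(service, "192.0.2.7", now=float(t * 10))
    return calls


if __name__ == "__main__":
    print(demo())
```

No single server in the constructed run sees more than two events from the address; only the combined count crosses the limit.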