New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to limit initial file scanning #1016
Comments
Option But current implementation of filter makes a full scan (to find a time I have developed a new algorithm (half-interval search) for very fast seek to |
Called binary search. |
@szepeviktor know-it-all :) |
Conclusion:
|
Parsing/scaning large log files is a bit problematic, say files >500MB take some time and CPU power to be parsed. Also modyfing log format to drop info and thus make file smaller just to run fail2ban does not sound optimal/desiarable. It would seem that very often, most of log file is not that relevant. Well at least in my use case, probably days worth of logging, at most, is what is relevant. Though I could even live with no "pre-scanning" of log file. So it would be nice if jail could define something like:
log_tail =
If that is specified it should only look at log lines on startup. Additionall alternative (though considerably more complicated to implement):
log_scan_only_last_min =
If that is specified only, scan lines that have timestamps that are less than num minutes before now. Obviously scanning would need to happen backwards in such case.
Or at least option to disable "pre-scaning" miget even be enough. Though obviously this (well all mentioned options) should be on per jail basis.
The text was updated successfully, but these errors were encountered: