René Berber wrote: > Robert T Wyatt wrote: > [snip] >> Thanks René, probably better, but still doesn't seem to match. By that I >> mean that I restart denyhosts and it doesn't seem to pick up those ip >> addresses at startup when it processes my log file (I've seen it do this >> in the past for my PAM messages). I suppose that one possibility is that >> those addresses may have been picked up by syncing in the meantime.... I >> can investigate this possibility. > > DH keeps a state so it knows how much of a log it has already seen. I think > it > is in a file; should be since it needs to be there at next start.
That's a possibility. The hosts were not picked up by syncing. I wish I had an easy way to test these patterns so that I know when I can stop. I know that when I was testing the SSHD_FORMAT_REGEX that DH kept picking up my IP even after shutting DH down, removing the ip from hosts.deny, adding it to hosts.allow, and even after cutting it out of the log the file. DH must have kept it somewhere. I wound up just waiting for it to be pruned. Meanwhile, I've put all the patterns I've tried on the same page as the log data I'm trying to match: http://robertwyatt.info/fink/match.txt Time to hit the sack for tonight, maybe something will occur to me tomorrow. Thanks, Robert ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
