Robert T Wyatt wrote: > René Berber wrote: [snip] >> DH keeps a state so it knows how much of a log it has already seen. I think >> it >> is in a file; should be since it needs to be there at next start. > > That's a possibility. The hosts were not picked up by syncing. I wish I > had an easy way to test these patterns so that I know when I can stop.
I can tell you not to loose your time with "The Regex Coach", it is supposed to do exactly what you (we) want, help in testing perl compatible regex matching interactively, but it doesn't work for the '(?P<host>)' part, and sometimes it doesn't work for simpler parts of expressions. There's a similar product, commercial and I've not tried it, called "RegexBuddy". It has a demo time limit, so it can be tested. > I know that when I was testing the SSHD_FORMAT_REGEX that DH kept > picking up my IP even after shutting DH down, removing the ip from > hosts.deny, adding it to hosts.allow, and even after cutting it out of > the log the file. DH must have kept it somewhere. I wound up just > waiting for it to be pruned. Yep, I've done a similar thing, usually trying to break into the server causing the necessary log messages. > Meanwhile, I've put all the patterns I've tried on the same page as the > log data I'm trying to match: http://robertwyatt.info/fink/match.txt > > Time to hit the sack for tonight, maybe something will occur to me tomorrow. It usually happens that way. -- René Berber ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
