Phil Schwartz wrote: >> DH keeps a state so it knows how much of a log it has already seen. I think >> it >> is in a file; should be since it needs to be there at next start. >> > > FWIW, the "offset" file in the WORK_DIR contains the last offset the DH > scanned. > > The way that I test changes to DH is sort of a hack but it works well... > simply edit your SECURE_LOG file and append to it w/ any editor. Simply > create a bogus ip address to use 1.1.1.1. Copy an earlier entry that > you'd like to test against and use replace the ip address w/ the bogus one > and save the file. DH will see that a new entry exists. If you run DH in > debug mode and "tail -f /var/log/denyhosts" you will see that DH found new > data and what actions it took. > > FWIW #2: Since I also developed Kodos I use that exclusively for all of my > regex tweaking. > > Hope that helps, > > Phil
Phil, Thanks as always for your input. This helps. I have figured out how to start DH in --debug mode now (I only get to work on this a little at a time), so hopefully I'll find some time this week to finish solving this riddle. René's regex passes the pcre test, but it doesn't trigger DH, so there's a little bit of work left for me to do. I think that if I can port kodos to work in this configuration that it will very likely be the tool I need to finish this. As a result of using debug mode, I've finally figured out why my allowed hosts file wasn't working as expected (it wasn't where I thought it was). A small part of my problem is that my asl.log is pruned nightly (note the passive voice there) to exclude the very entries I'm trying to trigger from, but, as you pointed out, there is a way (more than one really) around this. I'll keep you posted! Robert ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
