On 07/12/2015 01:04 PM, Lee Clemens wrote: > pyinotify uses the Linux kernel's inotify system calls. polling > actually causes fail2ban to sleep and check the file's mtime > periodically, iirc.
It's a matter of efficiency, mostly CPU usage. polling is the most primitive and requires the process to wake up frequently to check weather the log file has changed. So the process runs even if the log file has not changed. The only reason to use polling is if you are using an older OS that doesn't support the others. Gamin is somewhat better, I don't personally know the exact details, but pyinotify is the most efficient, cause your telling the kernel to wake up the process automatically when the file changes, so it doesn't have to run until something get's written to the log file. As others have mentioned, none of these are relevant if you are using the systemd/journald journal format. I am not currently running Centos 7, but my understanding is that rsyslogd can be run in such a way as to also output to log files, in which case you could use either the systemd/journald directly or the log file. I would probably choose the systemd method because fail2ban is likely to pick things up more quickly then if there is yet another daemon (rsyslogd) in the middle. Natu ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
