> I am willing to have some trust that the developers and some people in
> the community know what they are doing. pyinotify is presumably a newer
> implementation and seems to be preferred over gamin.

Yes, the author of the integration of pyinotify into f2b, Jonathan Underwood, explains some reasonable points:
https://sourceforge.net/p/fail2ban/mailman/message/24308907/

But I also saw this (from 2008, maybe fixed by now?):
http://www.serpentine.com/blog/2008/01/04/why-you-should-not-use-pyinotify/

> > Besides having another daemon (rsyslog) in middle, do you know
> > the scheme used for the systemd backend? Does it also poll
> > or use some type of notify method?
>
> I don't know off hand, but newer implementations tend to be interrupt
> driven and don't use polling. You could look at the source code.
> Otherwise the developers would know. You could try both and note the
> CPU usage of your fail2ban process/threads. You could also compare the
> response times of the different interfaces by noting the date/time when
> the message was logged and then compare that to the fail2ban log telling
> what time the banning occurred.

Thanks.

ON THE OTHER HAND -- no one has mentioned: on a busy system, wouldn't polling be LESS CPU intensive? (at the sacrifice of possibly missing some filter hits)

Does inotify (pyinotify) have limits set so it doesn't wake up the f2b process too many times a second?

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
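The response-time comparison suggested in the quoted reply, as an added example that is not part of the original thread or of fail2ban itself: it pairs each ban in the fail2ban log with the last matching failure in the auth log and reports the delay, so the same run can be repeated under each backend. The log lines, the year and the function name `ban_latencies` are constructed for illustration, and the two regular expressions assume the common sshd syslog and fail2ban log layouts.

```python
import re
from datetime import datetime

# Constructed sample logs (not taken from the thread). Syslog timestamps
# carry no year, so the caller supplies one (assumption).
AUTH_LOG = """\
Jun  1 12:00:02 host sshd[2346]: Failed password for root from 192.0.2.10 port 4243 ssh2
Jun  1 12:00:04 host sshd[2347]: Failed password for root from 192.0.2.10 port 4244 ssh2
Jun  1 12:00:05 host sshd[2348]: Failed password for root from 192.0.2.10 port 4245 ssh2
Jun  1 12:05:12 host sshd[2402]: Failed password for admin from 198.51.100.7 port 5113 ssh2
"""
F2B_LOG = """\
2015-06-01 12:00:04,310 fail2ban.actions        [811]: NOTICE  [sshd] Ban 192.0.2.10
2015-06-01 12:05:13,950 fail2ban.actions        [811]: NOTICE  [sshd] Ban 198.51.100.7
"""

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password .* from (\S+) port")
BAN_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3}) \S+\s+\[\d+\]: "
    r"\w+\s+\[\S+\] Ban (\S+)")


def ban_latencies(auth_log, f2b_log, year):
    """Map each banned IP to the seconds between its last logged failure
    at or before the ban and the ban itself."""
    failures = {}
    for line in auth_log.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            failures.setdefault(m.group(2), []).append(ts)
    latencies = {}
    for line in f2b_log.splitlines():
        m = BAN_RE.match(line)
        if not m:
            continue
        banned_at = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        banned_at = banned_at.replace(microsecond=int(m.group(2)) * 1000)
        # Failures logged after the ban (connections already in flight)
        # must not count as the trigger.
        earlier = [t for t in failures.get(m.group(3), []) if t <= banned_at]
        if earlier:
            latencies[m.group(3)] = (banned_at - max(earlier)).total_seconds()
    return latencies


if __name__ == "__main__":
    for ip, secs in ban_latencies(AUTH_LOG, F2B_LOG, 2015).items():
        print(f"{ip}: banned {secs:.3f}s after last failure")
```

Syslog timestamps usually have one-second resolution, so differences below a second are within measurement noise.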
