> > Is there any performance/resource impact of having separate jails > > configured that monitor the very same log file? > > Just a guess: yes.
Would it be possible to get the opinion of someone familiar with the internals? I'd appreciate to know general operation principles and how it compares to have for the SAME log file: * Many jails each with regex to detect specific violation * One big jail with many regex to detect all violations for the log file > > Is it best to combine the regex of all such jails into one generic named > > jail? Or does it not matter, is fail2ban (v.9 for me) smart enough to > > know how to combine the resources used in such case? > > I think it depends rather on what ports or for how long you intend to ban > an offender. As long as you apply the same bans, combine as many regexps > you wish. Good point, we can only combine if bantime and other attributes are same. ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
