When you first load the client does it read the entire log file prior to working?
My maillog file is never less than a couple of GB’s. When I start fail2ban to only monitor postfix mail logs, it takes literally 40 minutes before a single IP gets banned.
My only guess is the above, any idea if I’m right?
Can we change that via config so that it starts at the end of the file ( tail –f )?
Its just a complete waste of time since you are really looking for the last 10 minutes to actually ban, and a log towards the end of the month is too big.