Hi,

Currently we're getting about 1000 requests/sec being recorded in our
Apache logs (being rejected with 403s by other means). fail2ban has
been working remarkably well (thanks!) to add appropriate DROP rules to
iptables, however it's struggling to keep up with the Apache logs. As a
consequence, most of the new entries in the fail2ban log are of the form:

  [apache-iptables] x.x.x.x already banned

due to the 'reaction time' of fail2ban, and the netfilter stack is suffering.

Is there any advice on configuring fail2ban to help speed up the
log parsing and get IPs banned even faster?

P.S. I'm using fail2ban 0.8.4 - would upgrading to 0.8.6 help performance-wise?

cheers,
Tim