From: Cyril J. <cyr...@fa...> - 2007-09-18 20:41:26
Hi all,

> Whether it's executed twice or not is a good question, I'll leave that up
> to the developer to respond to, if the ignoreregex is checked if it's not
> null then yeah I guess it would look it up twice; however, I also use
> postfix and since I have implemented that I have not seen iptables trying
> to block an unknown host anymore :)
>

You can have a look at findFailure in server/filter.py. Each line in
failregex or ignoreregex corresponds to a regular expression. Let's take an
example:

failregex = Authentication failure for .* from <HOST>$
            Failed [-/\w]+ for .* from <HOST>$
            ROOT LOGIN REFUSED .* FROM <HOST>$
            [iI](?:llegal|nvalid) user .* from <HOST>$
            User .* from <HOST> not allowed because not listed in AllowUsers$

ignoreregex = unknown\[unknown\]

For each log line, there will be a maximum of 6 evaluations of regular
expressions and a minimum of 2. I do not know if the evaluation of 6 simple
regular expressions is faster than 1 evaluation of a more complex one!?

Regards,

Cyril Jaquier
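
Added example, not part of the original message and not fail2ban's own code: a small Python model of the evaluation count discussed above, next to a single combined alternation, checking that both reach the same ban decision. It assumes failregex lines are tried in order until one matches and ignoreregex is checked only then (an ordering chosen because it reproduces the 2-to-6 range stated in the message); the `<HOST>` stand-in, the function names and the log lines are constructed for illustration.

```python
import re

# Patterns copied from the message. <HOST> is filled with a simplified
# stand-in group (an assumption, not fail2ban's real substitution).
HOST = r"(\S+)"
FAILREGEX = [
    r"Authentication failure for .* from <HOST>$",
    r"Failed [-/\w]+ for .* from <HOST>$",
    r"ROOT LOGIN REFUSED .* FROM <HOST>$",
    r"[iI](?:llegal|nvalid) user .* from <HOST>$",
    r"User .* from <HOST> not allowed because not listed in AllowUsers$",
]
FAIL = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
IGNORE = re.compile(r"unknown\[unknown\]")
# The same five patterns as a single alternation.
COMBINED = re.compile("|".join("(?:%s)" % p.replace("<HOST>", HOST) for p in FAILREGEX))

def check_separate(line):
    """Return (host to ban or None, number of regex evaluations)."""
    for n, rx in enumerate(FAIL, 1):
        m = rx.search(line)
        if m:
            # Assumed order: ignoreregex is checked once a failregex matched.
            return (None if IGNORE.search(line) else m.group(1)), n + 1
    return None, len(FAIL)

def check_combined(line):
    """Same decision using one alternation plus the ignoreregex."""
    m = COMBINED.search(line)
    if not m:
        return None, 1
    host = next(g for g in m.groups() if g is not None)
    return (None if IGNORE.search(line) else host), 2

# Constructed log lines (not taken from a real system).
SAMPLES = [
    "Authentication failure for alice from 192.0.2.1",
    "User bob from 192.0.2.5 not allowed because not listed in AllowUsers",
    "Accepted publickey for carol from 192.0.2.9",
    "Authentication failure for x from unknown[unknown]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_separate(s), check_combined(s), s)
```

The counts only show how many searches run per line; which variant is faster still has to be measured against real logs.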