From: Arturo 'B. B. <bu...@bu...> - 2013-02-25 12:41:47

Hello fellow devs and users.

I just had a crazy post-holiday thought, that sprang from reading on github:
https://github.com/fail2ban/fail2ban/pull/128

Crazy Thought: fail2ban refactored as a syslog daemon with banning capabilities.

What about non-syslog based logfiles in that scenario?

Oh, well.

Crazy, I know. But worth thinking about it?

From: Arturo 'B. B. <bu...@bu...> - 2013-02-25 13:02:53

A guy on twitter (Gergely Nagy @algernoone) referred me to this post:
http://valentijn.sessink.nl/?p=322

On Mon, Feb 25, 2013 at 9:41 AM, Arturo 'Buanzo' Busleiman <bu...@bu...> wrote:
> Hello fellow devs and users.
>
> I just had a crazy post-holiday thought, that sprang from reading on github:
> https://github.com/fail2ban/fail2ban/pull/128
>
> Crazy Thought: fail2ban refactored as a syslog daemon with banning capabilities.
>
> What about non-syslog based logfiles in that scenario?
>
> Oh, well.
>
> Crazy, I know. But worth thinking about it?

From: Yaroslav H. <li...@on...> - 2013-02-26 16:10:34

looks indeed like a neat and worth approaching idea but as far as I see
it it would have only limited/targeted applicability?

what about all other daemons/servers which do not log to system wide
loggers?

format for native syslog-ng 'filters' seems to be also not
that easy to grasp

On Mon, 25 Feb 2013, Arturo 'Buanzo' Busleiman wrote:
> A guy on twitter (Gergely Nagy @algernoone) referred me to this post:
> http://valentijn.sessink.nl/?p=322
>
> On Mon, Feb 25, 2013 at 9:41 AM, Arturo 'Buanzo' Busleiman
> <bu...@bu...> wrote:
> > Hello fellow devs and users.
> >
> > I just had a crazy post-holiday thought, that sprang from reading on github:
> > https://github.com/fail2ban/fail2ban/pull/128
> >
> > Crazy Thought: fail2ban refactored as a syslog daemon with banning capabilities.
> >
> > What about non-syslog based logfiles in that scenario?
> >
> > Oh, well.
> >
> > Crazy, I know. But worth thinking about it?
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

--
Yaroslav O. Halchenko
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

From: Yaroslav H. <li...@on...> - 2013-02-26 16:13:26

On Mon, 25 Feb 2013, Arturo 'Buanzo' Busleiman wrote:
> Hello fellow devs and users.
>
> I just had a crazy post-holiday thought, that sprang from reading on github:
> https://github.com/fail2ban/fail2ban/pull/128
>
> Crazy Thought: fail2ban refactored as a syslog daemon with banning capabilities.
>
> What about non-syslog based logfiles in that scenario?

yeaaaah BUT -- maybe there could be a way to set up a more efficient
channel for communication with the *syslog*, replacing standard
file-based backends, thus eliminating the need for parsing log lines and
matching dates formats, as current fail2ban does?

maybe it could be brought even further that fail2ban's patterns could
be transparently converted/provided to e.g. syslog-ng so it would only
provide f2b with "interesting" ones? ;)

From: Arturo 'B. B. <bu...@bu...> - 2013-02-26 16:17:12

On Tue, Feb 26, 2013 at 1:09 PM, Yaroslav Halchenko <li...@on...> wrote:
> looks indeed like a neat and worth approaching idea but as far as I see
> it it would have only limited/targeted applicability?

I am not so sure about that. Of course, it is an idea that needs much discussion.

> what about all other daemons/servers which do not log to system wide
> loggers?

Yes, I mentioned that in my original post as well.

> format for native syslog-ng 'filters' seems to be also not
> that easy to grasp

+1

What about a new feature, some way to tell fail2ban to listen to
syslogd messages instead of reading files, instead of starting from
"zero" ?

Maybe this could go along the external whitelist sources feature request?

From: Yaroslav H. <li...@on...> - 2013-02-26 17:15:12

On Tue, 26 Feb 2013, Arturo 'Buanzo' Busleiman wrote:
> > format for native syslog-ng 'filters' seems to be also not
> > that easy to grasp
>
> +1
>
> What about a new feature, some way to tell fail2ban to listen to
> syslogd messages instead of reading files, instead of starting from
> "zero" ?

"listen to syslogd messages" -- how? e.g. via syslog-ng 'filters'?

> Maybe this could go along the external whitelist sources feature request?

that one is just a simple extension to the configuration reader -- and
already implemented (with unittests), just waiting for the documentation
to be contributed.

maybe I am missing the point, but something like "listening to syslogd"
would be quite heavier feature addition to say the least.

From: Jan E. <je...@in...> - 2013-02-26 21:12:11

On Tuesday 2013-02-26 18:14, Yaroslav Halchenko wrote:
>On Tue, 26 Feb 2013, Arturo 'Buanzo' Busleiman wrote:
>
>> > format for native syslog-ng 'filters' seems to be also not
>> > that easy to grasp
>
>> What about a new feature, some way to tell fail2ban to listen to
>> syslogd messages instead of reading files, instead of starting from
>> "zero" ?
>
>"listen to syslogd messages" -- how? e.g. via syslog-ng 'filters'?

You simply have syslog write to a pipe, like it already does with
/dev/xconsole. All it then takes is f2b to read from the named pipe
instead of files.

Having f2b become a syslog daemon in its own right is programmatic
nonsense.

From: Yaroslav H. <li...@on...> - 2013-02-26 23:17:02

On Tue, 26 Feb 2013, Jan Engelhardt wrote:
> >> > format for native syslog-ng 'filters' seems to be also not
> >> > that easy to grasp
>
> >> What about a new feature, some way to tell fail2ban to listen to
> >> syslogd messages instead of reading files, instead of starting from
> >> "zero" ?
>
> >"listen to syslogd messages" -- how? e.g. via syslog-ng 'filters'?
>
> You simply have syslog write to a pipe, like it already does with
> /dev/xconsole. All it then takes is f2b to read from the named pipe
> instead of files.

nah -- this is not much different from reading from the files. I thought
there might be an API which would allow to avoid parsing the line into
e.g. 'date msg' components and figuring out what date format it is
etc... this could save quite a few cpu cycles

> Having f2b become a syslog daemon in its own right is programmatic
> nonsense.

no one suggested such a sin yet so far (or have I missed it ?)

From: Arturo 'B. B. <bu...@bu...> - 2013-02-27 01:04:35

I have not. I was merely thinking about some fail2ban features added
natively to a [new/existing] syslogd.

On Feb 26, 2013 8:18 PM, "Yaroslav Halchenko" <li...@on...> wrote:
>
> On Tue, 26 Feb 2013, Jan Engelhardt wrote:
>
> > >> > format for native syslog-ng 'filters' seems to be also not
> > >> > that easy to grasp
> >
> > >> What about a new feature, some way to tell fail2ban to listen to
> > >> syslogd messages instead of reading files, instead of starting from
> > >> "zero" ?
> >
> > >"listen to syslogd messages" -- how? e.g. via syslog-ng 'filters'?
>
> > You simply have syslog write to a pipe, like it already does with
> > /dev/xconsole. All it then takes is f2b to read from the named pipe
> > instead of files.
>
> nah -- this is not much different from reading from the files. I thought
> there might be an API which would allow to avoid parsing the line into
> e.g. 'date msg' components and figuring out what date format it is
> etc... this could save quite a few cpu cycles
>
> > Having f2b become a syslog daemon in its own right is programmatic
> > nonsense.
>
> no one suggested such a sin yet so far (or have I missed it ?)
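
Added example, not fail2ban code and not written by anyone in this thread: a sketch of Jan Engelhardt's suggestion above (syslog writes to a named pipe, the reader consumes it), including the 'date msg' split Yaroslav mentions in his reply. The function names, the sshd failure pattern, the FIFO path in the last comment and the `maxretry`/`findtime` defaults are assumptions for illustration.

```python
import os, re, stat
from collections import defaultdict, deque
from datetime import datetime

# Traditional syslog layout: "Feb 26 21:12:11 host sshd[1234]: message"
LINE_RE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ ([\w./-]+)(?:\[\d+\])?: (.*)$")
# Assumed sshd failure pattern, anchored at both ends so text inside the
# user-name field cannot supply the address that gets counted.
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?.+ from "
                     r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def fifo_lines(path):
    """Yield lines from a named pipe, reopening it when the writer closes."""
    st = os.stat(path)
    if not stat.S_ISFIFO(st.st_mode) or st.st_mode & 0o022:
        raise PermissionError(f"{path}: not a FIFO, or writable by group/other")
    while True:
        with open(path, errors="replace") as pipe:  # blocks until syslog opens it
            yield from pipe

def bans(lines, year=2013, maxretry=3, findtime=600):
    """Yield each address once it has maxretry sshd failures in findtime seconds."""
    recent, banned = defaultdict(deque), set()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m or m.group(2) != "sshd":
            continue  # malformed line, or a tag other than the one we trust
        hit = FAIL_RE.match(m.group(3))
        if not hit:
            continue
        # The syslog stamp carries no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, times = hit.group(1), recent[hit.group(1)]
        times.append(ts)
        while (ts - times[0]).total_seconds() > findtime:
            times.popleft()  # drop failures that fell out of the window
        if len(times) >= maxretry and ip not in banned:
            banned.add(ip)
            yield ip

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE = [
    "Feb 26 21:12:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "Feb 26 21:12:03 gw sshd[811]: Failed password for invalid user a from 203.0.113.5 port 4002 ssh2",
    "Feb 26 21:12:04 gw cron[90]: Failed password for root from 198.51.100.7 port 1 ssh2",
    "Feb 26 21:12:09 gw sshd[812]: Failed password for root from 203.0.113.5 port 4003 ssh2",
    "Feb 26 21:40:00 gw sshd[820]: Failed password for root from 198.51.100.7 port 5000 ssh2",
]

if __name__ == "__main__":
    print(list(bans(SAMPLE)))  # live use: for ip in bans(fifo_lines("/run/f2b.fifo")): ...
```

Unlike a log file, a FIFO keeps no history: anything logged while the reader is down cannot be re-read after a restart.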