Sunday, 15 March 2015

python - fail2ban performance considerations regarding log size, complexity, and finditme settings -



python - fail2ban performance considerations regarding log size, complexity, and finditme settings -

i'm new fail2ban , having hard time figuring out performance considerations different configurations i'm thinking setting up. running on raspberry pi board, performance concern.

the obvious optimizations can think of using efficient regular expressions , minimum number of jails needed. guess specific questions are:

how resource usage increment respect findtime values? i'm guessing little , big values both impact server in different ways regarding ram vs. cpu. similarly, how size of log file , number of different log files monitored fail2ban impact overall resource usage?

as example, jail allow seek 3,600 ssh login passwords day if figured out fail2ban config , adjusted script timing accommodate.

[ssh] enabled = true action = iptables-allports[name=ssh] filter = sshd logpath = /var/log/auth.log maxretry = 6 findtime = 120

if changed findtime different extreme of 86400 (1 day), allow 5 attempts day, it's monitoring larger portion of log file. how impact resource usage?

another example, jail post flood attacks:

[apache-post-flood] enabled = true action = iptables-allports[name=apache-post-flood] filter = apache-post-flood logpath = /var/log/apache2/*access.log maxretry = 10 findtime = 10

here, have opposite, findtime counter resetting every 10 seconds. it's monitoring *access logs (i'm guessing, again, i'm new this). mean it's monitoring access.log, other_vhosts_access.log, , perhaps https_access.log https portions of site. if it's been busy day , these files 10-20mb each?

hope helps explain what's on mind. in advance help.

there 1 way find out this, test it, nil else.

add monitoring regarding memory usage if needed, there no formula tell amount of cpu, io or memory need.

as general rule, when retune system, set in comment new value , date when needed retune it. allow see if there trend.

my personal take increment affected resource 30-50% each time. if utilize less risking on doing often.

python performance cpu-usage ram fail2ban

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)