Permblock Description

knuckles · Post by **knuckles** » 08 May 2009, 14:46

Hi,

The entry for "PERMBLOCK" as listed in the CSF deny file could be a bit more verbose:

XX.XX.84.26 # lfd: (PERMBLOCK) XX.XX.84.26 has had more than 4 temp blocks in the last 86400 secs - Thu May 7 14:55:43 2009

As a suggestion, could you possibly have it notate the reasons for the temp blocks? They could be shortened, ie:

XX.XX.84.26 # lfd: (PERMBLOCK) 4 temp blocks in the last 86400 secs (pop3d, pop3d, sshd, pop3d) - Thu May 7 14:55:43 2009

We do a lot of investigation on a daily basis into brute forces, intrusions, etc, and it would be nice to see this information without sifting through even more logs.

Just a suggestion!

Thanks!

Post by **chirpy** » 17 May 2009, 16:49

I'll add request on the wishlist. Part of the problem is that the permblock can be for any of the different tempblocks and could make the comment text quite unwieldy