Permblock Description
Posted: 08 May 2009, 14:46
Hi,
The entry for "PERMBLOCK" as listed in the CSF deny file could be a bit more verbose:
XX.XX.84.26 # lfd: (PERMBLOCK) XX.XX.84.26 has had more than 4 temp blocks in the last 86400 secs - Thu May 7 14:55:43 2009
As a suggestion, could you possibly have it notate the reasons for the temp blocks? They could be shortened, ie:
XX.XX.84.26 # lfd: (PERMBLOCK) 4 temp blocks in the last 86400 secs (pop3d, pop3d, sshd, pop3d) - Thu May 7 14:55:43 2009
We do a lot of investigation on a daily basis into brute forces, intrusions, etc, and it would be nice to see this information without sifting through even more logs.
Just a suggestion!
Thanks!
The entry for "PERMBLOCK" as listed in the CSF deny file could be a bit more verbose:
XX.XX.84.26 # lfd: (PERMBLOCK) XX.XX.84.26 has had more than 4 temp blocks in the last 86400 secs - Thu May 7 14:55:43 2009
As a suggestion, could you possibly have it notate the reasons for the temp blocks? They could be shortened, ie:
XX.XX.84.26 # lfd: (PERMBLOCK) 4 temp blocks in the last 86400 secs (pop3d, pop3d, sshd, pop3d) - Thu May 7 14:55:43 2009
We do a lot of investigation on a daily basis into brute forces, intrusions, etc, and it would be nice to see this information without sifting through even more logs.
Just a suggestion!
Thanks!