yes AFAIK

It would be nice to have a logic that optimizes this.

agree

I am very weak in python, debugging at most.
Do you know someone who can design the logic and implement it?

1/2 solution
Should I merge filters temporarily?

if it hurts you so badly I guess you could indeed manually merge those

Thank you!
I think it saves some disk load.
Do you plan to implement it or should I close this?

On Tue, 19 Aug 2014, Viktor Szépe wrote:

I think it save some disk load.
unlikely since most probably those would be cached anyways at that point
upon initial read

Do you plan to implement it or should I close this?

it can stay open since it is a valid enhancement request, so may be
someone decides to jump on

Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Research Scientist, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

Maybe someone would be glad to have this feature in fail2ban.

suggest close this 'issue', if using inotify (pyinotify) this is irrelevant. A watch is added and signals used to notify fail2ban to reexamine - so the log isn't really 'open' (use lsof to test). This is kernel level, so suggestions to 'save some disk load' should be directed to kernel-dev's.

Now what I do is merge filters for the same log files by hand. Actually joining regexps.

just to link #1379