There is some hacker from the outside world trying to get into mysql . I have ALL : ALL in hosts.deny with specific hosts listed in hosts.allow. The guy uses some automated script trying to connect to the mysql server. The ALL : ALL in hosts.deny results in an entry to the system log for each failed connection attempt, filling my system log quite rapidly. I tried to slow things a but down by listing him in /hosts.allow with ALL : 219.156.0.0/16 : twist /bin/echo -e "\n\rAccess from %h declined\n\rGo away\n\r"; sleep 100 this works perfectly with attacks on the ssh port, but with mysql it does not work, I get rather a second error message for each connection attempt: May 18 23:40:50 basilisk mysqld[26613]: error: /etc/hosts.allow, line 614: twist option in resident process and also has the rather annoying side effect of being unable to start/restart mysql unless the sleep 100 in the twist has expired. Questions: Why can I feed the hacker with some bullshit with ssh, but not with mysqld? What else can I do to stop the log growing too big too fast without loosing the information of these intrusion attempts? Peter