Inside [RFE]: Make It Possible To Define How Long

by Jule

When tracking fail2ban activity, the current status report shows all failed attempts from the last hour, no matter how spread out they are. This leads to misleading visuals: five rapid bans from different IPs collapse into a false ‘rising ladder’ of failed events, obscuring real threat patterns.

A clearer approach? Introduce a --period=minutes flag for the status command to cap how far back failed events are counted, say the last 5 minutes. This filters noise, keeps counters accurate, and feeds better data into dashboards like Grafana. The psychology here? Humans don’t read raw logs; they want clarity. Real-time monitoring needs precision, not just the latest snapshot.

But here’s the catch: perfect precision risks missing broader trends. If the period drops below a minute, the data becomes too volatile. And going beyond 60 minutes? Most environments don’t generate flood patterns fast enough to justify it.

The bottom line: define a sensible window, 5 minutes for spikes, and ignore the rest. Make status reporting smarter, not just faster. Ask: does this data help you act, or just clutter your screen?
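The effect of the window can be reproduced offline. The following is an added example, not fail2ban code and not part of the RFE: it parses constructed log lines written in the style of fail2ban.log "Found" entries and samples the failure counter at several instants, once with a 60-minute window and once with a 5-minute window. The function names and the 1 to 60 minute bounds check are assumptions that mirror the limits suggested above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the style of fail2ban.log; IPs are documentation ranges.
SAMPLE_LOG = """\
2024-05-01 12:00:05,101 fail2ban.filter [811]: INFO [sshd] Found 203.0.113.10 - 2024-05-01 12:00:05
2024-05-01 12:00:09,340 fail2ban.filter [811]: INFO [sshd] Found 203.0.113.11 - 2024-05-01 12:00:09
2024-05-01 12:00:14,002 fail2ban.filter [811]: INFO [sshd] Found 203.0.113.12 - 2024-05-01 12:00:14
2024-05-01 12:20:30,770 fail2ban.filter [811]: INFO [sshd] Found 198.51.100.7 - 2024-05-01 12:20:30
2024-05-01 12:41:02,415 fail2ban.filter [811]: INFO [sshd] Found 198.51.100.8 - 2024-05-01 12:41:02
2024-05-01 12:41:03,000 fail2ban.action [811]: NOTICE [sshd] Ban 198.51.100.8
"""

FOUND_RE = re.compile(
    r"INFO\s+\[(?P<jail>[^\]]+)\] Found (?P<ip>\S+) - (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)$"
)

def parse_found(log_text):
    """Return (timestamp, jail, ip) for every 'Found' line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = FOUND_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["jail"], m["ip"]))
    return events

def failed_in_period(events, now, period_minutes, jail="sshd"):
    """Count failures for `jail` in the half-open window (now - period, now]."""
    # Hypothetical bounds taken from the text: under 1 minute is too volatile,
    # over 60 minutes is rarely justified.
    if not 1 <= period_minutes <= 60:
        raise ValueError("period must be between 1 and 60 minutes")
    start = now - timedelta(minutes=period_minutes)
    return sum(1 for ts, j, _ in events if j == jail and start < ts <= now)

def series(events, sample_times, period_minutes):
    """Counter value at each sample time, as a dashboard scrape would see it."""
    return [failed_in_period(events, t, period_minutes) for t in sample_times]

if __name__ == "__main__":
    events = parse_found(SAMPLE_LOG)
    samples = [datetime(2024, 5, 1, 12, m) for m in (1, 10, 21, 30, 42, 50)]
    print("period=60:", series(events, samples, 60))  # only ever climbs
    print("period=5: ", series(events, samples, 5))   # falls back to zero between bursts
```

With the 60-minute window the sampled counter never decreases, which is the rising ladder described above; with the 5-minute window each burst shows up as a separate spike.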