I have created a cusom jail in jail.local:
# detect password authentication failures
[AINA]
enabled = true
filter = pruebaAina
logpath = /var/log/messages
findtime = 120
maxretry = 1
action_ = iptables-multiport
and created a filter:
[Definition]
failregex = WebFAX:\s\[<HOST>\]\sauthentication\sfailed
ignoreregex =
I have tried the filter-regex and it recogize the log error:
Jun 13 15:29:35 webfax WebFAX: [XX.XX.XX.XX] authentication failed for aina
The problem is that its not taking any acction. I have check the fail2ban log and there is no error and the jail is started.
I have tried the filter-regex and its working