A technique I learned is to use the "fail2ban-regex" command with a log file sample containing actual traffic that you want banned.
E.g. for Apache logs from the shell prompt:

    $ fail2ban-regex /path/to/apache/logs/access_log.????.??.??-??_??_?? /etc/fail2ban/filter.d/apache-404.conf

You'll get a report on whether the regexes in the apache-404.conf, or whatever filter you're using, are detecting traffic or not, according to whatever jail file is in use.

I'm sure that with your experience in Fail2ban, you already double-check all the settings in the jail file like logpath, maxretry, findtime, and bantime.

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
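Added example, not part of the original message and not Fail2ban's own code: a Python approximation of why a filter that matches in fail2ban-regex can still produce no ban, since a host must reach maxretry matches inside findtime seconds. The failregex, the `<HOST>` expansion and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical failregex for a 404 filter. Fail2ban expands <HOST> itself;
# here it is approximated with a named group that matches IPv4 only.
FAILREGEX = r'^<HOST> \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ \S+ [^"]*" 404 '
PATTERN = re.compile(
    FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

# Constructed sample lines in Apache common log format.
SAMPLE = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /missing-a HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:40 +0000] "GET /missing-b HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:01:30 +0000] "GET /missing-c HTTP/1.1" 404 196
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /old-page.html HTTP/1.1" 404 196
198.51.100.20 - - [10/Mar/2024:10:35:00 +0000] "GET /favicon.ico HTTP/1.1" 404 196
198.51.100.20 - - [10/Mar/2024:11:05:00 +0000] "GET /robots.txt HTTP/1.1" 404 196
192.0.2.5 - - [10/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

def matched(lines):
    """Return (host, timestamp) for every line the failregex matches."""
    hits = []
    for line in lines:
        m = PATTERN.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m.group("host"), ts))
    return hits

def would_ban(hits, maxretry, findtime):
    """Hosts with at least maxretry matches inside a findtime-second window."""
    recent = defaultdict(deque)
    banned = set()
    for host, ts in sorted(hits, key=lambda h: h[1]):
        window = recent[host]
        window.append(ts)
        # Drop matches that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
    return banned

if __name__ == "__main__":
    hits = matched(SAMPLE.splitlines())
    print(len(hits), "lines matched the failregex")
    print("would ban:", would_ban(hits, maxretry=3, findtime=600))
```

Both 404-generating hosts match the regex, but with maxretry=3 and findtime=600 only the one whose requests arrive close together crosses the threshold.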