Hi,
I've seen that, but fail2ban is able to analyze log files and run tasks if a limit is exceeded. IMO fail2ban is an addition to the current system, not a replacement. E.g. if there are more than 3 failed logins via SSH, an iptables rule is added which blocks the source IP.

The thing is whether we really need it. How many times did we actually ban users?

I'll look into the logs, analyze how many "attacks" we have, and send the results later today.
I've done some research.

SSH authentication failures since 10 June (count > 100):

    199 88.191.62.239
    305 113.98.255.46
    5487 14.63.220.97

403 in the Apache logs since 30 June (count > 100):

    101 50.56.113.75
    108 85.190.1.74
    114 72.233.72.139
    148 200.113.158.27
    156 66.249.72.201
    208 94.180.42.16
    213 184.173.23.149
    213 50.116.101.10
    221 111.13.8.12
    336 72.233.72.155
    392 220.181.94.236
    486 115.68.3.185
    525 115.91.86.237
    718 46.119.123.239
    4371 217.69.134.91

Fail2ban would have been able to block these based on the number of messages in the log files.
Andrwe
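
The per-IP counting described in the message above, as an added example that is not part of the original post and is not fail2ban's own code: it contrasts a raw total per source IP with a sliding-window count ("more than 3 failures within a window"). The log lines, the year, the 10-minute window and the function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Jul  2 10:00:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jul  2 10:00:05 host sshd[1002]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Jul  2 10:00:09 host sshd[1003]: Failed password for root from 192.0.2.10 port 40003 ssh2
Jul  2 10:00:12 host sshd[1004]: Failed password for root from 192.0.2.10 port 40004 ssh2
Jul  2 10:01:00 host sshd[1005]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
Jul  2 10:05:00 host sshd[1006]: Failed password for bob from 198.51.100.7 port 50002 ssh2
Jul  2 11:30:00 host sshd[1007]: Failed password for bob from 198.51.100.7 port 50003 ssh2
Jul  2 13:00:00 host sshd[1008]: Failed password for bob from 198.51.100.7 port 50004 ssh2
Jul  2 15:00:00 host sshd[1009]: Failed password for bob from 198.51.100.7 port 50005 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def failures(log_text, year=2000):
    """Yield (timestamp, source_ip) per failed login; syslog has no year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def totals(log_text):
    """Raw failure count per source IP, ignoring when the failures happened."""
    counts = defaultdict(int)
    for _, ip in failures(log_text):
        counts[ip] += 1
    return dict(counts)

def would_block(log_text, limit=3, window=timedelta(minutes=10)):
    """Return {ip: time of the failure that pushed it over `limit` inside `window`}."""
    recent, blocked = defaultdict(deque), {}
    for ts, ip in failures(log_text):
        seen = recent[ip]
        seen.append(ts)
        while ts - seen[0] > window:      # drop failures older than the window
            seen.popleft()
        if len(seen) > limit and ip not in blocked:
            blocked[ip] = ts
    return blocked
```

Both sample addresses have the same raw total, but only the one whose failures cluster inside the window crosses the limit.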