I am trying to log failed attempts from an .htpasswd file. i want the failed attempts to be emailed to me. It is working for failed ssh logins. It seems like fail2ban is reading my log file entries???? I'm lost on why it won't email me jail.conf Code: [apache] enabled = true filter = apache-auth action = sendmail-whois[name=ApacheDeny, [email protected]] logpath = /var/log/phpmyadmin.log maxretry = 2 apache-auth.conf Code: [Definition] # Option: failregex # Notes.: regex to match the password failure messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # #failregex = [[]client <HOST>[]] user .* authentication failure # [[]client <HOST>[]] user .* not found / # [[]client <HOST>[]] user .* password mismatch failregex = [[]client <HOST>[]] user .* not found # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = log file [Sat Mar 03 18:27:01 2012] [error] [client 74.4.4.4] user asfadsfasf not found: / [Sat Mar 03 18:27:03 2012] [error] [client 74.4.4.4] user asfsadfdsfad not found: / [Sat Mar 03 18:27:08 2012] [error] [client 74.4.4.4] user ffffffff not found: / [Sat Mar 03 18:27:10 2012] [error] [client 74.4.4.4] user ffffffff not found: / result of test - fail2ban-regex /var/log/phpmyadmin.log "[[]client <HOST>[]] user .* not found" Results ======= Failregex |- Regular expressions: | [1] [[]client <HOST>[]] user .* not found | `- Number of matches: [1] 4 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary =======