fail2ban/config/filter.d/bitwarden.conf

# Fail2Ban filter for Bitwarden
# Detecting failed login attempts
# Logged in bwdata/logs/identity/Identity/log.txt

[INCLUDES]
before = common.conf

[Definition]
_daemon = Bitwarden-Identity
failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN|arning)|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$

# DEV Notes:
# __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.
New upstream version 0.11.1 2020-01-12 22:21:29 +00:00			`# Fail2Ban filter for Bitwarden`
			`# Detecting failed login attempts`
			`# Logged in bwdata/logs/identity/Identity/log.txt`

New upstream version 0.11.2 2020-11-26 12:47:25 +00:00			`[INCLUDES]`
			`before = common.conf`

New upstream version 0.11.1 2020-01-12 22:21:29 +00:00			`[Definition]`
New upstream version 0.11.2 2020-11-26 12:47:25 +00:00			`_daemon = Bitwarden-Identity`
			`failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN\|arning)\|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$`

			`# DEV Notes:`
			`# __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.`