diff --git a/ChangeLog b/ChangeLog index fe22906f..8a81399b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,10 +6,11 @@ Fail2Ban: Changelog =================== -ver. 0.9.2 (2015/04/26) - better-quick-now-than-later +ver. 0.9.2 (2015/04/29) - better-quick-now-than-later ---------- - Fixes: + * Fix ufw action commands * infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907. Thanks TonyThompson * port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner @@ -53,6 +54,7 @@ ver. 0.9.2 (2015/04/26) - better-quick-now-than-later - postfix-rbl Thanks Lee Clemens - apache-fakegooglebot.conf Thanks Lee Clemens - nginx-botsearch Thanks Frantisek Sumsal + - drupal-auth Thanks Lee Clemens - New recursive embedded substitution feature added: - `<HOST>` becomes `` for PREF=`IPV4`; - `<HOST>` becomes `1.2.3.4` for PREF=`IPV4` and IPV4HOST=`1.2.3.4`; diff --git a/README.md b/README.md index d45c58d9..92dedd8c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ / _|__ _(_) |_ ) |__ __ _ _ _ | _/ _` | | |/ /| '_ \/ _` | ' \ |_| \__,_|_|_/___|_.__/\__,_|_||_| - v0.9.2 2015/04/26 + v0.9.2 2015/04/29 ## Fail2Ban: ban hosts that cause multiple authentication errors diff --git a/THANKS b/THANKS index 5482b21d..5ae86a3c 100644 --- a/THANKS +++ b/THANKS @@ -6,6 +6,7 @@ the project. If you have been left off, please let us know (preferably send a pull request on github with the "fix") and you will be added +Aaron Brice Adam Tkac Adrien Clerc ache diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf index 04b8b32c..d2f731f2 100644 --- a/config/action.d/ufw.conf +++ b/config/action.d/ufw.conf @@ -13,9 +13,11 @@ actionstop = actioncheck = -actionban = [ -n "" ] && app="app " ; ufw insert from to $app +actionban = [ -n "" ] && app="app " + ufw insert from to $app -actionunban = [ -n "" ] && app="app " ; ufw delete from to $app +actionunban = [ -n "" ] && app="app " + ufw delete from to $app [Init] # Option: insertpos 
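Review bot: In the new `actionban` and `actionunban`, `app` is assigned only when the `[ -n ... ]` test succeeds, so with no application configured the `ufw` line expands whatever `app` already holds. Splitting the command over two lines keeps that behaviour. Starting each action with `app=""` would make the empty case deterministic. This matters only if the shell that runs the action can inherit an `app` variable from the server's environment, which the hunk does not show.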
diff --git a/config/filter.d/drupal-auth.conf b/config/filter.d/drupal-auth.conf new file mode 100644 index 00000000..b60abe3e --- /dev/null +++ b/config/filter.d/drupal-auth.conf @@ -0,0 +1,26 @@ +# Fail2Ban filter to block repeated failed login attempts to Drupal site(s) +# +# +# Drupal must be setup to use Syslog, which defaults to the following format: +# +# !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message +# +# + +[INCLUDES] + +before = common.conf + + +[Definition] + +failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*\|\d{10}\|user\|\|.+\|.+\|\d\|.*\|Login attempt failed for .+\.$ + +ignoreregex = + + +# DEV Notes: +# +# https://www.drupal.org/documentation/modules/syslog +# +# Author: Lee Clemens diff --git a/config/jail.conf b/config/jail.conf index c7946660..732aeab9 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -385,6 +385,11 @@ maxretry = 5 # # +[drupal-auth] + +port = http,https +logpath = %(syslog_daemon)s + [guacamole] port = http,https diff --git a/fail2ban/tests/files/logs/drupal-auth b/fail2ban/tests/files/logs/drupal-auth new file mode 100644 index 00000000..5e7194d9 --- /dev/null +++ b/fail2ban/tests/files/logs/drupal-auth 
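Review bot: The referer field in `failregex` is matched with `.+`, so a failed login logged with an empty referer would not match and would never count toward a ban. This assumes Drupal writes an empty field when the header is absent; if so, changing that second `.+` to `.*` closes the gap. The base-URL part, `([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*`, also rejects sites whose base URL is an IP address, carries a port, or ends in a suffix longer than six letters. Since that field plays no part in the ban decision, `[^|\s]+` after `(https?:\/\/)` would cover them while keeping the `|`-separated positions fixed. The samples in fail2ban/tests/files/logs/drupal-auth all use `https://example.com` with a referer present, so one sample for each case would pin the behaviour down.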
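Review bot: The new `[drupal-auth]` jail reads `%(syslog_daemon)s`, but nothing in the hunk tells the user which syslog facility Drupal must log to for its messages to land in that file. As far as I know the facility is configurable in Drupal's syslog module, so the jail can silently watch the wrong file. A comment above `logpath` such as `# Drupal's syslog facility is configurable; set logpath to the file that facility is written to` would make the dependency explicit.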
@@ -0,0 +1,7 @@ +# failJSON: { "time": "2005-04-26T13:15:25", "match": true , "host": "1.2.3.4" } +Apr 26 13:15:25 webserver example.com: https://example.com|1430068525|user|1.2.3.4|https://example.com/?q=user|https://example.com/?q=user|0||Login attempt failed for drupaladmin. +# failJSON: { "time": "2005-04-26T13:15:25", "match": true , "host": "1.2.3.4" } +Apr 26 13:15:25 webserver example.com: https://example.com/subdir|1430068525|user|1.2.3.4|https://example.com/subdir/user|https://example.com/subdir/user|0||Login attempt failed for drupaladmin. + +# failJSON: { "time": "2005-04-26T13:19:08", "match": false , "host": "1.2.3.4" } +Apr 26 13:19:08 webserver example.com: https://example.com|1430068748|user|1.2.3.4|https://example.com/user|https://example.com/user|1||Session opened for drupaladmin. diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index b851c54b..fd43bd24 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -802,7 +802,7 @@ class TransmitterLogging(TransmitterBase): outValue=Exception('Failed to change log target'), repr_=True # Exceptions are not comparable apparently ) - }[platform.system() in ('Linux',)] + }[platform.system() in ('Linux',) and os.path.exists('/dev/log')] ) def testLogLevel(self):
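Review bot: The added `os.path.exists('/dev/log')` condition has no comment saying why a Linux host may lack the socket, and it sits inside a subscript that already selects a dict entry by boolean, which is hard to read. A comment above the subscript would state the intent, for example `# SYSLOG target can only be set where the local syslog socket exists`. The hunk does not show the file's imports, so confirm `os` is imported in servertestcase.py. The enclosing call and dict literal start outside the hunk.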