implemented yarikoptic's suggestions in fail2ban pull request #1376

config/filter.d/zoneminder.conf

@@ -3,7 +3,7 @@
 
 [Definition]
 
-# patern :      [client 10.1.1.1:38022] WAR [Login denied for user "test"], referer: https://zoneminderurl/
+# pattern: [client 10.1.1.1:38022] WAR [Login denied for user "test"], referer: https://zoneminderurl/
 #
 #
 # Option:  failregex
@@ -13,7 +13,7 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 
 
-failregex = [[]client <HOST>:\d\d\d\d\d] WAR [[]Login denied for user
+failregex = ^[[]client <HOST>:\d\d\d\d\d] WAR [[]Login denied for user \S*], referer: \S*$
 
 ignoreregex =
 

config/jail.conf

@@ -873,7 +873,6 @@ backend = %(syslog_backend)s
 # Logs auth failures to apache2 error log
 enabled = false
 port    = http,https
-filter  = zoneminder
-logpath = /var/log/apache*/*error.log
+logpath = %(apache_error_log)s
 maxretry = 3