diff --git a/config/filter.d/znc-adminlog.conf b/config/filter.d/znc-adminlog.conf
index 9ba2b434..8faa25e3 100644
--- a/config/filter.d/znc-adminlog.conf
+++ b/config/filter.d/znc-adminlog.conf
@@ -3,12 +3,28 @@
 # to use this module, enable the adminlog module from within ZNC and point
 # logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log).
+[DEFAULT]
+
+logtype = file
+
 [Definition]
-failregex = ^\[\] \[[^]]+\] failed to login from $
+_daemon = znc
+
+# Prefix for different logtype (file, journal):
+#
+__prefix_file = (?:\[\]\s+)?
+__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+
+__prefix_journal = %(__prefix_short)s
+
+__prefix_line = <__prefix_>
+
+failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from
 ignoreregex =
+journalmatch = _SYSTEMD_UNIT=znc.service
+ _COMM=znc
+
 # DEV Notes:
 # Log format is: [] [] from
 # [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
diff --git a/fail2ban/tests/files/logs/znc-adminlog b/fail2ban/tests/files/logs/znc-adminlog
index c4d1098d..143bf95b 100644
--- a/fail2ban/tests/files/logs/znc-adminlog
+++ b/fail2ban/tests/files/logs/znc-adminlog
@@ -5,3 +5,11 @@
 [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
 # failJSON: { "match": false }
 [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4
+
+# failJSON: { "time": "2019-09-08T15:53:19", "match": true , "host": "192.0.2.1", "desc": "port after IP" }
+[2019-09-08 15:53:19] [admin] failed to login from 192.0.2.1:65001
+
+# filterOptions: {"logtype": "journal"}
+
+# failJSON: { "match": true , "host": "192.0.2.2", "desc": "systemd-journal entry, port after IP" }
+Test znc[37232]: [admin] failed to login from 192.0.2.2:65009
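Review bot: The new failregex drops the `$` anchor that the removed line had, so nothing bounds what may follow the host placeholder at the end of the line (the `<HOST>` token itself is not visible in this rendering), and the only tests that exercise that tail, in fail2ban/tests/files/logs/znc-adminlog, append `:port` to IPv4 addresses. If ZNC prints IPv6 peers the same way (address, colon, port, no brackets), an unanchored host token may stop at the wrong colon and report a truncated address, so an IPv6 sample line would be worth adding to the test log before relying on this; a bounded tail such as `failed to login from <HOST>(?::\d+)?\s*$` keeps the port tolerance while rejecting anything else and gives the regex engine an anchor to back off to. The `# Prefix for different logtype (file, journal):` comment is followed by an empty `#`; stating there that `__prefix_file` makes the bracketed timestamp optional and that `__prefix_short` expects the `host daemon[pid]:` form shown by the journal sample line would let the next reader check the two prefixes against the DEV Notes examples.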