diff --git a/config/filter.d/centreon.conf b/config/filter.d/centreon.conf
new file mode 100644
index 00000000..fd3c8482
--- /dev/null
+++ b/config/filter.d/centreon.conf
@@ -0,0 +1,9 @@
+# Fail2Ban filter for Centreon Web
+# Detecting unauthorized access to the Centreon Web portal
+# typically logged in /var/log/centreon/login.log
+
+[Init]
+datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
+
+[Definition]
+failregex = ^(?:\|-?\d+){3}\|\[[^\]]*\] \[\] Authentication failed for '[^']+'
diff --git a/config/jail.conf b/config/jail.conf
index ba5a54b8..b39b3a6c 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -821,6 +821,10 @@ udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010
 action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
          %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
 
+[centreon]
+port = http,https
+logpath = /var/log/centreon/login.log
+
 # consider low maxretry and a long bantime
 # nobody except your own Nagios server should ever probe nrpe
 [nagios]
diff --git a/fail2ban/tests/files/logs/centreon b/fail2ban/tests/files/logs/centreon
new file mode 100644
index 00000000..fc6fe4fe
--- /dev/null
+++ b/fail2ban/tests/files/logs/centreon
@@ -0,0 +1,4 @@
+# Access of unauthorized host in /var/log/centreon/login.log
+# failJSON: { "time": "2019-10-21T18:55:15", "match": true , "host": "50.97.225.132" }
+2019-10-21 18:55:15|-1|0|0|[WEB] [50.97.225.132] Authentication failed for 'admin' : password mismatch
+
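Review bot: The `failregex` in the new filter.d/centreon.conf reads `\[\] Authentication failed` with nothing between the brackets, whereas fail2ban needs its host capture there — `\[<HOST>\] Authentication failed for '[^']+'` — and a failregex without a host group is rejected when the filter is loaded; the tag looks like it was lost in this rendering (it resembles an HTML tag), so please confirm the committed file still carries it. The `[Definition]` section also omits `ignoreregex =`; fail2ban tolerates that, but the other filters ship an explicit empty value and it documents that nothing is deliberately excluded. The `datepattern` carries no timezone, so timestamps are read in the fail2ban host's local time; a header comment giving one sample line from the fixture (`# 2019-10-21 18:55:15|-1|0|0|[WEB] [<ip>] Authentication failed for '<user>' : <reason>`) would let maintainers check the regex against the expected format without opening the test log.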
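Review bot: The new `[centreon]` block in jail.conf is placed between the counter-strike `action` lines and the nagios/nrpe comment, which from the surrounding context appears to be the game-server and monitoring region of the file; the other web-application jails are grouped elsewhere (outside this hunk), so moving the block there keeps the file's grouping consistent. The neighbouring `[nagios]` jail has an explanatory comment above its header while `[centreon]` has none; `# Centreon Web portal login failures, see filter.d/centreon.conf` would be enough. The jail relies on the global maxretry/bantime defaults, which is reasonable for an interactive web login, but that choice is worth stating in the same comment.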
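Review bot: The fixture in fail2ban/tests/files/logs/centreon contains a single positive sample and no negative one, so the test cannot show that the regex stops at authentication failures; a successful login line or another `[WEB]` entry that must not ban, annotated `# failJSON: { "time": "...", "match": false }` as the other fixtures do, would guard against over-matching. The positive sample's `"time"` value has no timezone, consistent with the filter's datepattern, which is fine as long as both are read as local time.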