# Fail2Ban filter for unsuccessful Vaultwarden authentication attempts # Logged in /var/log/vaultwarden.log # Author: LearningSpot [Definition] failregex = ^\s*(?:\[\]\s*)?\[vaultwarden::api::(identity||admin||core::two_factor::authenticator)\]\[ERROR\] (Invalid admin token||Invalid TOTP code||Username or password is incorrect)[\.!](?:\s+(?!IP:)\S+)* IP: (?:\. Username: \S+)? ignoreregex =