# Fail2Ban filter for Bitwarden
# Detecting failed login attempts
# Logged in bwdata/logs/identity/Identity/log.txt

[INCLUDES]
before = common.conf

[Definition]
failregex = ^%(__prefix_line)s\s*\[[^\s]+\]\s+Failed login attempt(?:, 2FA invalid)?\. <HOST>$

# DEV Notes:
# __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.