These are my configurations in /etc/fail2ban:
** jail.local**
[joomla-login-errors]
enabled = true
port = http,https
filter = joomla-login-errors
logpath = /var/www/path-to-website/logs/error.php
maxretry = 2
** filter.d/joomla-login-errors.conf**
[Definition]
failregex = ^%(__prefix_line)s*INFO <HOST>.*joomlafailure.*Username.*$
If I try:
fail2ban-regex /var/www/path-to-website/logs/error.php '^%(__prefix_line)s*INFO <HOST>.*joomlafailure.*Username.*$'
Nothing gets matched, but most of the lines are like this (the IP is invented, but those on my files are real):
2019-08-20T09:57:42+00:00 INFO 500.188.602.500 joomlafailure Username and password do not match or you do not have an account yet