# Fail2Ban filter for Bitwarden # Detecting failed login attempts # Logged in bwdata/logs/identity/Identity/log.txt [INCLUDES] before = common.conf [Definition] _daemon = Bitwarden-Identity failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN|arning)|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$ # DEV Notes: # __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.