What's this then? New JS Bug in Gmail/Firefox - Have I been hacked?
1 0 comments 13 Jun 2018 04:05 u/veriodd (self.programming) in v/programming
Comment on: What is an active Blackhole collection group? My Server logs are madness..
0 12 Jun 2018 23:38 u/veriodd in v/programming
Comment on: What is an active Blackhole collection group? My Server logs are madness..
Sweet, good advice, it's working good. I assume I have to manually enable some actions, but it's much easier than watching logfiles!
This guy is hitting all angles:
[Tue Jun 12 16:35:24.396912 2018] [proxy:warn] [pid 26766] [client 51.15.56.143:58380] AH01144: No protocol handler was valid for the URL http://66.135.33.212:80/phpmyadmin/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Damn. So now I can use this to automatically update blacklists and get more pre-emptive?
** Alert 1528839189.1451: - pam,syslog,authentication_failed,
2018 Jun 12 16:33:09 p4876504->/var/log/auth.log
Rule: 5503 (level 5) -> 'User login failed.'
Src IP: 59.10.239.26
Jun 12 16:33:09 p4876504 sshd[28744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.10.239.26
** Alert 1528839191.1768: - syslog,sshd,invalid_login,authentication_failed,
2018 Jun 12 16:33:11 p4876504->/var/log/auth.log
Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user'
Src IP: 59.10.239.26
Jun 12 16:33:11 p4876504 sshd[28744]: Failed password for invalid user temp from 59.10.239.26 port 58832 ssh2
** Alert 1528839354.2095: - syslog,sshd,invalid_login,authentication_failed,
This is ridiculous.
Comment on: What is an active Blackhole collection group? My Server logs are madness..
This looks very promising. It's running now; we'll see what it can do.
First "Strategic Partner" listed is Amazon Web Services. Can't escape the signal!
Thanks. I don't want to give away all the keys to my kingdom but it is playing nicely with fail2ban and others.
It's already quieted the logs down considerably on top of just fail2ban.