The importance of understanding your log files.
Before we get into how to configure fail2ban any further, you need to understand a bit about your log files. Logs are a record of, actions that have been taken, by your server. The log is written after the action has already happened.
This is important to understand because fail2ban will NOT and can NOT ban a hack attempt before it happens or while it is in progress. However there is a fine line between the terms “before”, “while” and “after”.
What you need to understand is that someone or some script trying to hack your server will almost never just try once and then go away. If someone just makes one attempt at something and then they go away they are not really a concern. Usually though they will try repeatedly until they get in, get board, or get frustrated and go away. But more often though they will come back again and again and again…