Hi people. I have spent 2 days trying to get Fail2Ban to work. I have read everything I can find without success, so it is time to ask. I have installed Fail2ban on a test server and after some messing with the configs got it working well. Then I tried to install on a production box but it just won't work. Both boxes are running Centos 5.3 and are reasonably identical (except the hardware of course). I have even copied the configs from the test to the production box. Fail2ban seems to be running and passes all the tests I can come up with but it just fails to ban any attempts at brute force SSH. Here are the configs/results of tests etc :- # fail2ban-client status # fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf Here is the result of a deliberate wrong user login (from /var/log/secure): To ensure that there was not time issue,I immediately ran the date command There are no local config files so here are the regular files (snipped for brevity): Jail.conf sshd.conf I have not changed iptables.conf When I stop and start Fail2ban an email is sent confirming the stop and another for the start. The version I installed was fail2ban-0.8.2-3.el5.rf.noarch.rpm from DAG packages for Red Hat Linux el5 x86_64. Hoping that someone can help. Thanks for reading. Edited to add: var/log/fail2ban.log shows no entry for failed logins but does show entries for the start/stop.