Login attempts are logged in /var/log/ispconfig/auth.log
loglevel in ISPConfig is ERROR
See ISPConfig interface/web/login/index.phpAbout in line 310.
So you can directly create a filter rule in /etc/fail2ban/filter.d/ispconfig.conf with content:
[Definition]
failregex = ^Failed login for user (.*) from at
ignoreregex =
And add a jail to /etc/fail2ban/jail.local
[ispconfig]
enabled = true
port = http,https,8080
filter = ispconfig
logpath = /var/log/ispconfig/auth.log
maxretry = 3
Test it with:
fail2ban-regex /var/log/ispconfig/auth.log /etc/fail2ban/filter.d/ispconfig.conf
Restart fail2ban service
Solution tested with ISPConfig 3.1.9