Drupal to syslog to fail2ban

This way you enable jail2ban on your drupal sites, and also while doing it, create a drupal.log file via rsyslog deamon.

Enable drupal syslog
drush en syslog

Via admin/config/development/logging setup logging
syslog identity -> prepend a log name / string will be visible with every log records
syslog facility -> used to identify drupal log with rsyslog deamon

save and check whether syslog logging works
cat /var/log/syslog | grep drupal

Set logging to a separate file
editor /etc/rsyslog.conf
at bottom add line
local0.* /var/log/drupal.log

Create new jail in jail.d
editor /etc/fail2ban/jail.d/drupal.conf
enabled = true
filter = drupal-auth -> name of file in /etc/fail2ban/filter.d/
action = iptables-multiport[name=drupal-auth, port="http,https", protocol=tcp]
logpath = /var/log/drupal.log -> log file to look for failed attempts
maxretry = 3 -> amount of failed attempts before banned

Check for current status
fail2ban-client status
Reload to enable new jail
fail2ban-client reload
Check if successfully enabled
fail2ban-client status drupal