Fail2Ban: Struggling with datepattern and Unifi Network Application

I have an Ubuntu 22.04 server running Unifi Network Application 7.1.65. I’m trying my best to harden the server so I’ve enabled UFW and opened up these ports:

Now I’d like to get Fail2Ban working but I can’t get it to match any lines from my log files. The default date pattern is not what Unifi uses, which looks like this:

[2022-05-18T18:23:16,677] WARN api - failed to authenticate to SSO: Cloud operation failed! RC=403, error: {“detail”
:“Invalid credential”}

I’ve tried several datepattern options and what seems like every vatiation thereof:


In every case, the result of running the test

fail2ban-regex /var/log/unifi/server.log /etc/fail2ban/filter.d/unifi.conf

is always this:

Running tests

Use   failregex filter file : unifi, basedir: /etc/fail2ban
Use      datepattern : .%Y-%m-%d[T]%H:%M:%S,%f. : .Year-Month-Day[T]24hour:Minute:Second,Microseconds.
Use         log file : /var/log/unifi/server.log
Use         encoding : UTF-8


Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [75496] .Year-Month-Day[T]24hour:Minute:Second,Microseconds.

Lines: 75655 lines, 0 ignored, 0 matched, 75655 missed
[processed in 13.60 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 75655 lines

Or I just get python errors in the output depending on my combination of square brackets.

For starters I had to randomly stumble across the formatting for Mircroseconds (%f), I’d been using the man page for date to figure it out and %f is not documented. Fail2Ban has no reference list for this either.

I’ve been at this for half the day trying different variations and searching for examples. I cam across this script early on: Glenn R. but something must have changed a few versions ago because the script no longer gets things working.

Any help is greatly appreciated.