{
      cmd: ['journalctl', '-fn0', '-u', 'ssh.service'],
      filters: {
        failedlogin: {
          regex: [
            @'authentication failure;.*rhost=<ip>',
            @'Connection reset by authenticating user .* <ip>',
            @'Failed password for .* from <ip>',
          ],
          retry: 6,
          retryperiod: '6h',
          actions: banFor('48h') + sendmail('<ip>','"Banni 48h pour tentative de co à SSH"'),
        },
      },
    },