

Fail2Ban

Test jail

/etc/fail2ban/paths-test.conf
# Path definitions for the test jail; jail.local on this page includes this file.
[INCLUDES]
# Read the common path definitions first, then any local overrides last.
before = paths-common.conf
after  = paths-overrides.local
 
[DEFAULT]
# Glob of log files watched by the test jail; matches both /var/log/test.log
# and /var/log/test2.log used in the test commands.
test_logs = /var/log/test*.log
/etc/fail2ban/filter.d/testjail.conf
# Filter for the test jail: matches hand-written test lines, not real service logs.
[INCLUDES]
# common.conf supplies the __prefix_line definition used in failregex below.
before = common.conf
 
[Definition]
# Daemon name expected in the syslog-style line prefix ("test:" in the test lines).
_daemon = test
# <HOST> is the address fail2ban acts on.
# NOTE(review): the wildcard between the prefix and the literal text accepts any
# leading message content. That is fine for a test filter, but a production filter
# should place the literal text directly after the prefix so that text a remote
# party can get written into the log cannot choose which address is counted.
failregex = ^%(__prefix_line)s.*fail2ban([ \d]*)?test IP: <HOST>.*$
/etc/fail2ban/jail.local
# Local jail configuration for exercising fail2ban with a harmless test jail.
[INCLUDES]
# Pulls in the test_logs path definition from paths-test.conf.
before = paths-test.conf
 
[DEFAULT]
# Everything in this section applies to every jail, not only [testjail].
# Ban duration and counting window, both 86400 (24 hours if read as seconds).
bantime  = 86400
findtime = 86400
# NOTE(review): "dummy" is presumably the stock no-op test action, so no firewall
# rule is added. Set here in [DEFAULT] it also replaces the ban action of every
# other enabled jail that does not set its own; on a host with real jails, move
# this line into [testjail] - confirm against the active jail list.
banaction = dummy
# Two actions per ban: the ban action itself, then a mail with whois data and the
# matching log lines. port, protocol, chain, mta and destemail are not defined in
# this file; presumably they come from the distribution jail.conf - verify.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
 
# Default action for all jails: ban and mail as defined in action_mwl above.
action = %(action_mwl)s
 
[testjail]
enabled = true
# Port value handed to the ban action through the action definition above.
port    = ssh
# Watches the files matched by test_logs (/var/log/test*.log).
logpath = %(test_logs)s
# Uses filter.d/testjail.conf.
filter   = testjail
# Two matching lines within findtime trigger the action.
maxretry = 2

Testing:

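# Create the watched files before the restart: the jail's logpath glob
# (/var/log/test*.log) should match at least one existing file when the jail
# is loaded, otherwise fail2ban reports that no log file was found for it.
touch /var/log/test.log /var/log/test2.log
systemctl restart fail2ban
# Append two matching lines (maxretry = 2), one per watched file; both count
# against the same address because they belong to the same jail.
echo "$(date +'%b %d %T') $(hostname) test: fail2ban 1 test IP: 192.168.1.15" >> /var/log/test2.log
echo "$(date +'%b %d %T') $(hostname) test: fail2ban 1 test IP: 192.168.1.15" >> /var/log/test.log
# Check the result: the jail status lists the failure counters and banned addresses.
fail2ban-client status testjail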

Save custom config

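# Copy every *.local override under /etc/fail2ban into $destination, keeping the
# original directory layout (files end up under $destination/etc/fail2ban/).
destination=/root/temp/fail2ban.local
# rsync creates only the last path component, so make sure the parents exist.
mkdir -p "$destination"
# NUL-delimited file names, so paths containing spaces or newlines are passed
# to rsync intact.
find /etc/fail2ban -type f -name "*.local" -print0 | rsync -av --from0 --files-from=- / "$destination"/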

Divers
