For those who want to track brute force attacks on the http/dav serve remotes.
CONFIGS
/etc/fail2ban/filter.d/rclonehttp.conf
# Fail2Ban filter for unsuccesfull authentication attempts
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
failregex = INFO : /.*: <HOST>:\d+: Unauthorized request from\s*
ignoreregex =
[Init]
datepattern = %%Y/%%m/%%d %%H:%%M:%%S
/etc/fail2ban/jail.local
[rclonehttp]
enabled = true
filter = rclonehttp
port = 7444,6444
logpath = /data/log/rclonehttp.log tail
[rclonedavs]
enabled = true
filter = rclonehttp
port = 7443,6443
logpath = /data/log/rclonedavs.log tail