Edit your jail.local (Fail2Ban) to send the IPs and logs via mail to Blocklist
[ssh] enabled = true port = ssh filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois-lines[name=SSH, dest="firstname.lastname@example.org,<email@example.com>", sender=fail2ban@<yourhostname.com>, sendername="Fail2Ban", logpath=/var/log/auth.log] logpath = /var/log/auth.log maxretry = 3
You might see something like the following in your mails
Lines containing IP:10.1.1.1 in /dev/null
Make sure that the correct logpath is included inside the “sendmail-whois-lines” brackets.