Hello,

to stop brute-force logins to Samba I want to create a fail2ban rule which blocks IPs with too many login errors. Unfortunately, the logins used and the IPs in the Samba log are scattered across multiple lines, so I can't find a relation. I use Samba for WAN and can't restrict it to internal IPs. What is best in my case to get better logs or stop the abuse?

Thanks,
Hajo