I've got a heavy load of people hitting my server trying to get access. I installed fail2ban and I'm trying to figure out where to tell it to look for repeated unauthorized access. I see info about it in my log emails forthe admin user but i have no idea where to point fail2ban to monitor to build a block list. I'm not concerned with ports. I only need to know the location of the log file that shows unauthorized access. I thought itwas the maillog file in /vag/log but that doesn't seem to be right.

Any help is appreciated. If you think deny.hosts works better let me know. My access is only via https.