I am using the following script to ban users failing to authenticate with fail2ban:
My problem is that it logs attempts of users only existing to the database
I would like to modify it in order to log all FAILED authentication attempts
Is this possible?
 
# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH

  if(is_present_hf("Authorization"))
  {
    if($sht(a=>$au::auth_count)==3)
    {
      $var(exp) = $Ts - 900;
        if($sht(a=>$au::last_auth) > $var(exp))
        {
            sl_send_reply("403", "Try later");
            exit;
        } else {
            $sht(a=>$au::auth_count) = 0;
        }
    }
    if(!www_authenticate("$td", "subscriber"))
    {
      switch ($retcode) {
            case -1:
                sl_send_reply("403", "Forbidden");
            exit;
            case -2:
#fixed null -> $null:
                if($sht(a=>$au::auth_count) == $null)
                    $sht(a=>$au::auth_count) = 0;
                $sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;
xlog("User $fu Authenticating from ip $si\n");
                if($sht(a=>$au::auth_count) == 3)
xlog("User $fU Authenticating for the 3d time from ip $si\n");
                $sht(a=>$au::last_auth) = $Ts;
            break;
        }
www_challenge("$td"/*realm*/,"0"/*qop*/);
        exit;
    }
    $sht(a=>$au::auth_count) = 0;
  } else {
    www_challenge("$td","0");
    exit;
  }
}
#!endif