diff -ur fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf fail2ban-0.9.7/config/filter.d/roundcube-auth.conf --- fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf 2017-05-11 03:38:57.000000000 +0200 +++ fail2ban-0.9.7/config/filter.d/roundcube-auth.conf 2017-06-26 16:57:15.171337942 +0200 @@ -7,16 +7,30 @@ # The logpath in your jail can be updated to userlogins if you wish # + +[Definition] +# Fail2Ban configuration file for roundcube web server authentication failures +# +# When you enable systemd-logging, this filter needs "$config['log_driver']" set +# to "syslog" in the roundcube configuration +# + [INCLUDES] before = common.conf [Definition] -failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from (\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$ - ^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from in session \w+( \(error: \d\))?$ +prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?: + +failregex = %(prefregex)s (?:FAILED login|Login failed) for (?P.*) from (\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$ + %(prefregex)s (?:<[\w]+> )?Failed login for (?P.*) from in session \w+( \(error: \d\))?$ + +ignoreregex = + +[Init] +journalmatch = SYSLOG_IDENTIFIER=roundcube -ignoreregex = # DEV Notes: # # Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180 diff -ur fail2ban-0.9.7-orig/config/jail.conf fail2ban-0.9.7/config/jail.conf --- fail2ban-0.9.7-orig/config/jail.conf 2017-05-11 03:38:57.000000000 +0200 +++ fail2ban-0.9.7/config/jail.conf 2017-06-26 10:37:10.200062390 +0200 @@ -379,7 +379,8 @@ port = http,https logpath = %(roundcube_errors_log)s - +# Use following line in your jail.local if roundcube logs to journal. +#backend = %(syslog_backend)s [openwebmail]
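Review bot: The comment block added at the top of roundcube-auth.conf sits under a new `[Definition]` header, so the file now declares `[Definition]` twice (once before `[INCLUDES]` and once before `prefregex`); a strict configparser rejects a repeated section and a lenient one merges it silently, so drop the first header and keep the comments as a plain file header. In `[Init]`, `journalmatch = SYSLOG_IDENTIFIER=roundcube` selects on a field that the logging process sets itself, so entries from any local process that can write to the journal under that identifier would be read by this filter and could lead to bans. A comment such as `# SYSLOG_IDENTIFIER is client-supplied; narrow the match in jail.local with a trusted field (_SYSTEMD_UNIT= or _COMM=) for your web/PHP service` would tell operators to tighten it. The collapsed rendering on this page appears to have lost the angle-bracket tokens in the failregex lines, so the host and user groups could not be checked from here.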