Enabling PHPMYADMIN Logging & Fail2ban Default Filter #17265

@yupthatguy

I am on Debian 10.5 LAMP with ISPConfig, running PHPMYADMIN 4.9.0.1.

I am trying to set up the default phpmyadmin-syslog.conf filter for fail2ban to protect phpMyAdmin.

Problem:
pma logging doesn't appear to work according to documentation.

I have tried 3 methods to enable logging:

Method 1:

In my /usr/share/phpmyadmin/config.inc.php I have added:

$cfg['AuthLog'] = 'auto';

Which should output failed login attempts to syslog or PHP according to the docs:
https://docs.phpmyadmin.net/en/latest/config.html

Method 2:

$cfg['AuthLog'] = 'syslog';

However, neither /var/log/auth.log nor /var/log/syslog logged failed login attempts.

Method 3:
$cfg['AuthLog'] = '/var/log/phpmyadmin-auth.log';

and gave permissions on the log to the www-data user using (note: unsure if this is correct, pma is controluser)

#chown www-data:www-data /var/log/phpmyadmin-auth.log and
#chmod 755 /var/log/phpmyadmin-auth.log

My /etc/fail2ban/jail.local file contains:

[phpmyadmin-auth]
enabled = true
port = https,https
filter = phpmyadmin-syslog
logpath = /var/log/syslog    #this was changed according to above methods
maxretry = 3

and the default /etc/fail2ban/filter.d/phpmyadmin-syslog.conf contains:

# Fail2Ban fitler for the phpMyAdmin-syslog
#
[INCLUDES]
before = common.conf

[Definition]
_daemon = phpMyAdmin
failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$
ignoreregex =
# Author: Pavel Mihadyuk
# Regex fixes: Serg G. Brester

(no useful tip for enabling the phpMyAdmin logging)

Anybody know what I am missing?
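
An added example, not part of the original issue and not fail2ban's own code: a Python check of which syslog lines the `failregex` quoted above would count, using the jail's `maxretry = 3`. The `PREFIX` and `HOST` patterns are simplified stand-ins (assumptions) for fail2ban's `%(__prefix_line)s` and `<HOST>`, the log lines are constructed, and `findtime` is ignored.

```python
import re

# Assumption: simplified stand-in for %(__prefix_line)s from common.conf:
# optional syslog timestamp, hostname, then "<_daemon>[pid]: ".
PREFIX = r"(?:\w{3}\s+\d+\s[\d:]{8}\s)?\S+\s%s(?:\[\d+\])?:\s"
# Assumption: simplified stand-in for <HOST>, IPv4 only.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Body of the failregex exactly as it appears in phpmyadmin-syslog.conf.
BODY = r"user denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$"

def build_failregex(daemon="phpMyAdmin"):
    """Expand the filter's failregex for the given _daemon tag."""
    return re.compile("^" + PREFIX % re.escape(daemon) + BODY.replace("<HOST>", HOST))

def count_failures(lines):
    """Return {ip: number of matching lines}."""
    rx = build_failregex()
    counts = {}
    for line in lines:
        m = rx.search(line)
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return counts

def banned(lines, maxretry=3):
    """IPs that reach maxretry (the jail.local value above)."""
    return {ip for ip, n in count_failures(lines).items() if n >= maxretry}

# Constructed sample lines (documentation IP ranges, made-up host and PIDs).
SAMPLE = [
    "Aug 30 10:15:01 web1 phpMyAdmin[2211]: user denied: root (mysql-denied) from 203.0.113.7",
    "Aug 30 10:15:03 web1 phpMyAdmin[2211]: user denied: admin (mysql-denied) from 203.0.113.7",
    # User name containing a space: matched by the ".*?" alternative.
    "Aug 30 10:15:05 web1 phpMyAdmin[2214]: user denied: bob smith (mysql-denied) from 203.0.113.7",
    "Aug 30 10:15:09 web1 phpMyAdmin[2215]: user denied: root (mysql-denied) from 198.51.100.4",
    # Same message under another syslog tag: ignored because _daemon = phpMyAdmin.
    "Aug 30 10:15:10 web1 apache2[900]: user denied: root (mysql-denied) from 192.0.2.9",
    # Different failure text: the filter only counts "(mysql-denied)" lines.
    "Aug 30 10:15:12 web1 phpMyAdmin[2216]: user denied: root (no-activity) from 192.0.2.9",
]

if __name__ == "__main__":
    print(count_failures(SAMPLE))
    print(banned(SAMPLE))
```

On a live system, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/phpmyadmin-syslog.conf` runs the real filter against the real log and reports how many lines matched.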
