Possibly the problem is not only upstream but also in NethServer. For example, the logs used by NethServer for Apache are not access.log or error.log but, as you can see, ‘ssl_error_log-20171007’ when logrotate is triggered.
At first fail2ban expects to find something in access.log or error.log, but they are empty, as we find in “Fail2Ban doesn´t ban webinterface”.
Therefore I tried to add a wildcard to the fail2ban regex (‘*’) and reload the fail2ban configuration when the fail2ban logs are rotated… but I suspect that maybe it doesn’t work.
To solve your jail problem, do: fail2ban-client reload
Afterwards, look in the fail2ban log to see if the jail started well.
Before that, I would be interested in the content of
ll /var/log/sogo/
ll /var/log/fail2ban
ll /var/log/httpd
and the version of nethserver-fail2ban
rpm -qa nethserver-fail2ban