diff --git a/Dockerfile b/Dockerfile
index dee053b..6e9166e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,8 @@ COPY supervisor.conf /etc/supervisor/conf.d/f2b-control-center.conf
 # ── Startup and health ────────────────────────────────────────────────────────
 COPY entrypoint.sh /entrypoint.sh
 COPY healthcheck.sh /healthcheck.sh
-RUN chmod +x /entrypoint.sh /healthcheck.sh
+COPY logwatch.sh /logwatch.sh
+RUN chmod +x /entrypoint.sh /healthcheck.sh /logwatch.sh
 # ── Runtime directories ───────────────────────────────────────────────────────
 RUN mkdir -p /data /nginx-logs /var/log /var/run/fail2ban
diff --git a/logwatch.sh b/logwatch.sh
new file mode 100644
index 0000000..207c288
--- /dev/null
+++ b/logwatch.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# ── Log file watcher ──────────────────────────────────────────────────────────
+# Polls /nginx-logs every 30s. If a new proxy-host-*_access.log appears,
+# reloads fail2ban so it picks up the new file immediately.
+# ─────────────────────────────────────────────────────────────────────────────
+
+LOG_DIR="${LOG_DIR:-/nginx-logs}"
+INTERVAL=30
+
+known=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
+
+echo "[logwatch] Watching $LOG_DIR for new proxy-host log files..."
+
+while true; do
+ sleep "$INTERVAL"
+ current=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
+ if [ "$current" != "$known" ]; then
+ echo "[logwatch] New log file(s) detected — reloading fail2ban"
+ fail2ban-client reload 2>&1 | sed 's/^/[logwatch] /'
+ known="$current"
+ fi
+done
diff --git a/supervisor.conf b/supervisor.conf
index 2e94057..3c81f51 100644
--- a/supervisor.conf
+++ b/supervisor.conf
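Review bot: A failed `fail2ban-client reload` goes unnoticed in the `if [ "$current" != "$known" ]` branch of logwatch.sh, because the pipeline's exit status is that of `sed` and `known="$current"` runs regardless. If the reload fails (for instance because the fail2ban server is not accepting commands yet), the new proxy-host log is recorded as handled and stays unmonitored until some later change to the file set. Update `known` only after a successful reload so the next poll retries, and report the failure on stderr. The comparison also fires when a file disappears, so the "New log file(s) detected" wording is slightly broader than what is checked.

```bash
# … unchanged: LOG_DIR/INTERVAL setup, initial listing, sleep and re-listing …
  if [ "$current" != "$known" ]; then
    # … unchanged: "New log file(s) detected" echo …
    if reload_out=$(fail2ban-client reload 2>&1); then
      known="$current"
    else
      echo "[logwatch] fail2ban reload failed; retrying in ${INTERVAL}s" >&2
    fi
    [ -z "$reload_out" ] || printf '%s\n' "$reload_out" | sed 's/^/[logwatch] /'
  fi
```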
@@ -37,6 +37,19 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 priority=10
+# ── log watcher ───────────────────────────────────────────────────────────────
+[program:logwatch]
+command=/logwatch.sh
+autostart=true
+autorestart=true
+startretries=3
+startsecs=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+priority=15
+
 # ── dashboard ─────────────────────────────────────────────────────────────────
 [program:dashboard]
 command=/usr/local/bin/node /app/server.js
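Review bot: `priority=15` in `[program:logwatch]` only places the watcher later in supervisord's start order than the `priority=10` program above it; supervisord does not wait for that program to be ready before starting the next one. Assuming the `priority=10` entry is fail2ban (its section header is outside this hunk), a short comment would keep that expectation visible, for example `# priority orders startup only; logwatch.sh must cope with fail2ban not being ready yet`. No change to the settings themselves is needed.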