It wasn’t working for me, no matter what I tried.
The command
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
was showing matches successfully.
In the end I ran these commands… I’m fairly sure it was just the RepeatedMsgReduction setting to off that fixed it though
dpkg-reconfigure tzdata
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
vim /etc/rsyslog.conf
#Change this line of "off" so we can see all messages
$RepeatedMsgReduction off
Then
service rsyslog restart