It wasn’t working for me, no matter what I tried.
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
was showing matches successfully.
In the end I ran these commands… I’m fairly sure it was just the RepeatedMsgReduction setting to off that fixed it though
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
#Change this line of "off" so we can see all messages
service rsyslog restart