While trying to set up fail2ban, I found that even though my regex/logs matched up nothing was being banned/caught by fail2ban
After a bit of investigation it seems that the auth.log time was being written in GMT whereas fail2ban was expecting it in BST:
==> /var/log/auth.log <==
Oct 11 20:52:21 ns2 sshd[18119]: Invalid user test from 1.2.3.4
Oct 11 20:52:21 ns2 sshd[18119]: Failed none for invalid user test from 1.2.3.4 port 47862 ssh2
Oct 11 20:52:28 ns2 sshd[18119]: Failed password for invalid user test from 1.2.3.4 port 47862 ssh2
==> /var/log/fail2ban.log <==
2010-10-11 21:52:04,017 fail2ban.filter: DEBUG /var/log/auth.log has been modified
2010-10-11 21:52:04,029 fail2ban.filter.datedetector: DEBUG Sorting the template list
Fairly simple fix of:
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
and I am now successfully banning myself from accessing my server.