I’ve just stumbled across a great command in Fail2ban to check whether or not your filter will actually score a hit from your log file.
From the command line:
[code lang=bash]
$ fail2ban-regex /path/to/logfile /etc/fail2ban/filter.d/myfilter.conf regex_to_ignore
[/code]
As an example:
[code lang=bash]
# Quote the ignore regex so the shell does not interpret ( and |
$ fail2ban-regex /var/log/secure.log /etc/fail2ban/filter.d/sshd.conf '(myusername|myIPaddress)'
[/code]
This seems like a great way to test whether changes to your filters are correct, rather than just waiting to see if anything shows up in fail2ban.log.
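A self-contained way to try this, added here as an example and not part of the original post: it writes a constructed filter and log to a scratch directory and runs fail2ban-regex with the ignore regex quoted as the third argument. The filter, log lines, user names and addresses are all made up for the test, and `expected_hits` is only a rough grep cross-check, not how Fail2ban itself counts.

```bash
#!/bin/sh
# Added example; filter, log lines, names and addresses are all constructed.
IGNORE='(alice|198\.51\.100\.20)'   # stands in for (myusername|myIPaddress)

make_fixture() {   # $1 = empty scratch directory
    cat > "$1/myfilter.conf" <<'EOF'
[Definition]
failregex = ^.* sshd\[\d+\]: Failed password for .* from <HOST> port \d+
ignoreregex =
EOF
    cat > "$1/sample.log" <<'EOF'
Jan 12 10:15:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 10:15:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 12 10:16:10 host sshd[1207]: Failed password for alice from 192.0.2.44 port 40022 ssh2
Jan 12 10:17:30 host sshd[1215]: Failed password for bob from 198.51.100.20 port 40100 ssh2
Jan 12 10:18:00 host sshd[1220]: Accepted password for bob from 198.51.100.20 port 40101 ssh2
EOF
}

# Rough grep cross-check: failure lines that the ignore regex does not cover.
expected_hits() {  # $1 = log file
    grep -E 'sshd\[[0-9]+\]: Failed password for .* from ' "$1" | grep -Evc "$IGNORE"
}

run_check() {      # $1 = directory prepared by make_fixture
    if ! command -v fail2ban-regex >/dev/null 2>&1; then
        echo "fail2ban-regex not installed; grep expects $(expected_hits "$1/sample.log") hits" >&2
        return 0
    fi
    # The ignore regex is quoted so the shell passes ( | ) through untouched.
    fail2ban-regex "$1/sample.log" "$1/myfilter.conf" "$IGNORE"
}

# Demo run in a scratch directory, cleaned up afterwards.
tmp=$(mktemp -d) && make_fixture "$tmp" && run_check "$tmp"
rm -rf "$tmp"
```

Compare the tool's summary of matched and ignored lines with the grep count before copying a changed filter into /etc/fail2ban/filter.d/.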
One response to “Checking Fail2ban regex”
Worth noting that the ignore-regex is not picked up from the filter.conf file when one is used. It needs to be quoted separately in the command line as the optional 4th parameter.