
Use the simplest tool possible. Fail2ban relies on log parsing, which is a possible attack vector.

The thing is that you can reach pretty much the same effect with a smaller attack surface and better efficiency using rate limiting in your packet filter.

E.g. in iptables the 'recent' module can do this, see man iptables-extensions and search for 'recent'. E.g. you can set up a rule that any IP address making more than 5 connection attempts to port 22 in one minute gets put on a list that is DROPped.

Edit: BTW, if you think the fail2ban attack vector is purely theoretical, you might want to check the CVEs:

http://www.cvedetails.com/vulnerability-list/vendor_id-5567/...
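An added example (not the commenter's own) of the 'recent' module rule set described above, as a shell script that prints the rules and, with APPLY=1, installs them; the list name, window and threshold are assumptions, and the script assumes IPv4, the INPUT chain and root when applying.

```shell
#!/bin/sh
# SSH rate limiting with the iptables 'recent' module (xt_recent).
# Assumed defaults: port 22, a 60 s window, 5 new connections allowed per window.
SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-60}"
MAX_NEW="${MAX_NEW:-5}"
LIST="${LIST:-ssh_limit}"        # constructed list name, shows up under /proc/net/xt_recent/

# Print the two rules, one per line. Order matters: the first rule records every
# new SYN from the source, the second counts the recorded hits within WINDOW
# seconds and drops the packet once the count reaches MAX_NEW+1, i.e. "more than
# MAX_NEW attempts in one minute". --update also refreshes the entry on every
# dropped attempt, so a source that keeps hammering stays blocked.
ssh_limit_rules() {
    hit=$((MAX_NEW + 1))
    # xt_recent keeps at most ip_pkt_list_tot timestamps per address (default 20);
    # a --hitcount above that is rejected when the rule is loaded.
    if [ "$hit" -gt 20 ]; then
        echo "MAX_NEW+1 must not exceed 20 with the default xt_recent settings" >&2
        return 1
    fi
    printf '%s\n' \
      "iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --set --name $LIST --rsource" \
      "iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --update --seconds $WINDOW --hitcount $hit --name $LIST --rsource -j DROP"
}

# Install the rules (needs root and the iptables binary on PATH).
apply_rules() {
    ssh_limit_rules | while read -r rule; do
        $rule || return 1
    done
}

# Remove one address from the list, e.g. after a lock-out of a legitimate admin.
# Writing "-<addr>" to the proc file drops that entry; "/" would clear the list.
unblock() {
    printf '%s\n' "-$1" > "/proc/net/xt_recent/$LIST"
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    ssh_limit_rules
fi
```

Run it once without APPLY to review the exact rules before installing them; `cat /proc/net/xt_recent/ssh_limit` then shows which sources are currently being counted.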




iptables rate limiting still doesn't solve the problem of identifying attacks against one service so that they can be preemptively blocked by other services on other servers.





