I've since updated the auth-log parser into the application Scrutiny. This Python3 application parses auth.log and fail2ban.log log files and puts the details into the database. I've also since updated the Defestri site itself to read this data and display it on a page here. Maybe next I'll look at pulling some more general trend information from the data, for example common user names tried, common source address blocks, that sort of thing. With information such as common source address blocks it will be possible to drop all traffic from the offending subnet to reduce the number of break-in attempts coming in.