Web Hosting Forum | Lunarpages


Topic: Is there any way to filter out some stuff from the LogWatch report...
Peak
« on: February 23, 2006, 05:45:31 AM »

More specifically, the Authentication Failures. They are now so numerous that the message is becoming too long to handle. One example from the latest message (I've blocked out the IPs):

sshd:
  Authentication Failures:
     unknown (xxx.xxx.xxx.xxx): 2439 Time(s)
     unknown (xxx.xxx.xxx.xxx): 125 Time(s)
     adm (xxx.xxx.xxx.xxx): 24 Time(s)
     ftp (xxx.xxx.xxx.xxx): 21 Time(s)
     mail (xxx.xxx.xxx.xxx): 21 Time(s)
     mysql (xxx.xxx.xxx.xxx): 21 Time(s)
     apache (xxx.xxx.xxx.xxx): 18 Time(s)
     adm (xxx.xxx.xxx.xxx): 6 Time(s)
     root (xxx.xxx.xxx.xxx): 6 Time(s)
     apache (xxx.xxx.xxx.xxx): 3 Time(s)
     bin (xxx.xxx.xxx.xxx): 2 Time(s)
     daemon (xxx.xxx.xxx.xxx): 2 Time(s)
     root (xxx.xxx.xxx.xxx): 2 Time(s)
     root (xxx.xxx.xxx.xxx): 2 Time(s)
  Invalid Users:
     Unknown Account: 2564 Time(s)

followed by a list of all the attempts.

The only thing I'm really interested in is if anyone logs into the (only) active SSH account; the scripts trying to log in to disallowed accounts are mostly annoying. Mostly because I never see the end of the message due to the fact that it's clipped.

I've seen some rules that automatically add IPs that try to break in to the firewall block. Would this be a good idea, or would it perhaps prevent "legitimate" users from accessing the site(s) on the server? If it's possible, does anyone know the best way to implement this?

//Peak
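
An added example, not part of Peak's post: a small Python filter that collapses the "Authentication Failures" section quoted above into per-source totals and lists the sources over a threshold, skipping an allowlist so a known-good address is never proposed for blocking. The sample report is constructed with documentation-range IPs, and the function names, the threshold and the allowlist are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout quoted in the post (documentation-range IPs).
SAMPLE_REPORT = """\
sshd:
  Authentication Failures:
     unknown (203.0.113.7): 2439 Time(s)
     unknown (198.51.100.22): 125 Time(s)
     adm (203.0.113.7): 24 Time(s)
     root (192.0.2.10): 6 Time(s)
     root (198.51.100.22): 2 Time(s)
  Invalid Users:
     Unknown Account: 2564 Time(s)
"""

# Matches lines such as "     adm (203.0.113.7): 24 Time(s)".
ENTRY = re.compile(r"^\s+(\S+) \(([^)]+)\): (\d+) Time\(s\)\s*$")

def failures_by_source(report):
    """Sum the 'Authentication Failures' counts per source address."""
    totals = defaultdict(int)
    in_section = False
    for line in report.splitlines():
        match = ENTRY.match(line)
        if match is None and line.strip().endswith(":"):
            # A heading line: track whether we are inside the wanted section.
            in_section = line.strip() == "Authentication Failures:"
        elif match and in_section:
            totals[match.group(2)] += int(match.group(3))
    return dict(totals)

def block_candidates(totals, threshold, allowlist=()):
    """Sources at or over the threshold, never including allowlisted ones."""
    hits = [(ip, n) for ip, n in totals.items()
            if n >= threshold and ip not in allowlist]
    return sorted(hits, key=lambda item: -item[1])

def summarize(report, threshold=20, allowlist=()):
    """Short replacement for the long per-account listing."""
    totals = failures_by_source(report)
    lines = [f"{len(totals)} sources, {sum(totals.values())} failed attempts"]
    for ip, n in block_candidates(totals, threshold, allowlist):
        lines.append(f"  {ip}: {n} failures (>= {threshold})")
    return "\n".join(lines)

if __name__ == "__main__":
    # 192.0.2.10 stands in for an address the admin logs in from (assumption).
    print(summarize(SAMPLE_REPORT, threshold=20, allowlist={"192.0.2.10"}))
```
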