Do you also wonder about ongoing login attempts via ssh? We had a lot on our servers in the last few days. There seems to be some new sort of multithreaded SSH bruteforcer who does this kind of annoying logins and scans. Read a thread in this forum, on SANS or myNetWatchman. The script seems to test many accounts now.