Journalctl only shows accepted ssh connections. How do I find out the rejected connections?

I'm using openSUSE 13.2

Hmm, isn't that information still in:
Best regards,
HMW

Edit:
At least in Debian based distros. Sorry, I don't really know about openSUSE.

If not 'journalctl -u sshd.service' or 'journalctl /usr/sbin/sshd' what's the exact command line you have used to search for those? And did you make certain you haven't done any journal / syslog config, ops or maintenance that filtered out certain messages, pruned logs or put them in non-standard places? And in addition to what HMW wrote: you run the audit service on openSUSE then you could try something crude like 'ausearch -sv no -ts this-month -x "/usr/sbin/sshd";'?

Thanks unSpawn, ausearch did the trick.

I was using `journalctl -u sshd.service --since $jrnlStart`
where $jrnlStart was set to UnixDate("3 days ago","Y-%m-%d")

I used to use /var/log/auth.log, but it went away when journalctl came on the scene.

By filtering `ausearch -ts $jrnlStart -x "/usr/sbin/sshd"` I can get a log of who logged on and who tried to log on by IP address and user ID.

I have a little perl program that runs every night to check the state of the hardware and do various backups. This was an additional security check. The results are emailed to me so I can find out if I need to do something the next morning.

Another thing I was getting from auth.log was a list of su to root.

Glad to see it works & thanks for confirming.