Dec 18 10:56:46 serv1 sshd[16577]: Failed password for invalid user test from 5.56.160.101 port 35932 ssh2
Dec 18 10:56:55 serv1 sshd[16579]: Failed password for invalid user test from 5.56.160.101 port 38287 ssh2
Dec  3 13:27:02 serv1 sshd[17885]: Failed password for invalid user root from 222.186.56.41 port 1709 ssh2
Dec 13 11:54:17 serv1 sshd[31391]: Failed password for invalid user root from 103.41.124.54 port 49460 ssh2
Nov 17 19:00:31 serv1 sshd[11354]: Failed password for invalid user root from 122.225.97.79 port 49199 ssh2
Nov 30 02:37:58 serv1 sshd[11372]: Failed password for invalid user root from 220.177.198.28 port 2655 ssh2
Nov 17 21:20:26 serv1 sshd[11514]: Failed password for invalid user root from 218.2.0.120 port 43516 ssh2
Dec 17 21:14:28 serv1 sshd[13563]: Failed password for invalid user root from 122.225.103.124 port 31382 ssh2
Dec 18 12:30:05 serv1 sshd[14326]: Failed password for invalid user arbab from 120.193.193.151 port 41890 ssh2
Dec 18 13:55:17 serv1 sshd[14370]: Failed password for invalid user bin from 125.65.165.215 port 45085 ssh2
Dec  1 12:30:12 serv1 sshd[14374]: Failed password for invalid user root from 101.64.236.225 port 47438 ssh2
Dec 19 03:08:15 serv1 sshd[16542]: Failed password for invalid user arbab from 67.18.223.130 port 52819 ssh2
Dec 19 03:08:18 serv1 sshd[16544]: Failed password for invalid user admin from 67.18.223.130 port 53548 ssh2
Dec 19 03:08:22 serv1 sshd[16546]: Failed password for invalid user root from 67.18.223.130 port 54041 ssh2
Dec 19 05:40:38 serv1 sshd[16704]: Failed password for invalid user root from 91.83.237.230 port 52341 ssh2
Dec 19 05:40:42 serv1 sshd[16706]: Failed password for invalid user bin from 91.83.237.230 port 52635 ssh2
Dec 19 06:01:44 serv1 sshd[16720]: Failed password for invalid user arbab from 74.208.66.78 port 34089 ssh2
Dec 19 06:01:47 serv1 sshd[16723]: Failed password for invalid user admin from 74.208.66.78 port 34746 ssh2
Dec 19 06:01:53 serv1 sshd[16725]: Failed password for invalid user root from 74.208.66.78 port 35516 ssh2
Dec 19 06:01:55 serv1 sshd[16727]: Failed password for invalid user root from 74.208.66.78 port 37056 ssh2
Dec 19 06:26:49 serv1 sshd[16767]: Failed password for invalid user arbab from 74.52.177.182 port 34797 ssh2
Dec 19 06:26:52 serv1 sshd[16769]: Failed password for invalid user admin from 74.52.177.182 port 38481 ssh2
Dec 19 06:26:54 serv1 sshd[16771]: Failed password for invalid user root from 74.52.177.182 port 39153 ssh2
Dec 19 07:34:49 serv1 sshd[16849]: Failed password for invalid user arbab from 173.12.246.241 port 49958 ssh2
Dec 19 07:34:52 serv1 sshd[16851]: Failed password for invalid user admin from 173.12.246.241 port 50326 ssh2
Dec 19 07:34:55 serv1 sshd[16853]: Failed password for invalid user root from 173.12.246.241 port 50575 ssh2
Dec 19 07:34:58 serv1 sshd[16855]: Failed password for invalid user root from 173.12.246.241 port 50886 ssh2
Nov 19 06:56:38 serv1 sshd[17567]: Failed password for invalid user root from 218.2.0.129 port 26237 ssh2
Dec 19 14:57:47 serv1 sshd[18160]: Failed password for invalid user arbab from 198.74.100.10 port 57285 ssh2
Dec 19 14:57:49 serv1 sshd[18162]: Failed password for invalid user admin from 198.74.100.10 port 57988 ssh2
Dec 19 14:57:53 serv1 sshd[18164]: Failed password for invalid user root from 198.74.100.10 port 58637 ssh2
Dec 19 14:57:55 serv1 sshd[18166]: Failed password for invalid user root from 198.74.100.10 port 59637 ssh2
Dec 19 15:26:44 serv1 sshd[18199]: Failed password for invalid user arbab from 174.79.103.106 port 51173 ssh2
Dec 19 15:26:48 serv1 sshd[18201]: Failed password for invalid user admin from 174.79.103.106 port 52469 ssh2
Dec 19 15:26:51 serv1 sshd[18203]: Failed password for invalid user root from 174.79.103.106 port 53322 ssh2
Dec 19 17:48:46 serv1 sshd[18785]: Failed password for invalid user admin from 64.251.22.13 port 53179 ssh2
Dec 19 17:48:50 serv1 sshd[18787]: Failed password for invalid user test from 64.251.22.13 port 53364 ssh2
Dec 19 17:48:54 serv1 sshd[18789]: Failed password for invalid user root from 64.251.22.13 port 53515 ssh2
Dec  3 20:47:19 serv1 sshd[19074]: Failed password for invalid user root from 222.186.56.41 port 3849 ssh2
Dec  4 00:28:31 serv1 sshd[19263]: Failed password for invalid user root from 122.225.109.99 port 50099 ssh2
Dec 19 21:57:15 serv1 sshd[19332]: Failed password for invalid user arbab from 107.0.105.241 port 34097 ssh2
Dec 19 21:57:23 serv1 sshd[19334]: Failed password for invalid user admin from 107.0.105.241 port 34771 ssh2
Dec 19 21:57:28 serv1 sshd[19336]: Failed password for invalid user root from 107.0.105.241 port 35367 ssh2

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

daemon.*;mail.*;\
	news.err;\
	*.=debug;*.=info;\
	*.=notice;*.=warn	|/dev/xconsole

sudo xconsole -file /dev/xconsole

Dec  4 00:28:31 serv1 sshd[19263]: Failed password for invalid user root from 122.225.109.99 port 50099 ssh2

Dec  4 00:28:29 serv1 sshd[19263]: Failed password for invalid user root from 122.225.109.99 port 50099 ssh2

]# grep ForwardTo /etc/systemd/journald.conf
ForwardToSyslog=no
ForwardToKMsg=yes
ForwardToConsole=no

]# grep ^\$ModLoad.imklog /etc/rsyslog.conf 
$ModLoad imklog

$ModLoad imklog
$ModLoad imuxsock