which parameters would you edit to get the IP of the attacker ?
in fact I need something like that in logs
Feb 19 11:37:25 nethserver-dev perl: pam_unix(system-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.xx.xx user=root
instead of
Feb 19 11:37:25 nethserver-dev perl: pam_unix(system-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
this is the example of jail that we need to trick -> https://pve.proxmox.com/wiki/Fail2ban