I thought I'd post a little update. I've installed logcheck which is excellent. Every hour I'm emailed a summary of security related events filtered from the log files.
It has certainly highlighted the importance of turning off root login for ssh (given the number of root login attempts) and the importance of a having a strong password. I'm still considering moving ssh to a different port just to cut down on wasted traffic from failed logins. Thanks to everyone who made suggestions - it has been an eye opening experience.
