You're probably seeing the results of this new automated ssh login tool that is discussed at length here:
http://seclists.org/lists/fulldisclo.../Jul/1109.html
I found it after I noticed many attempts from people to log in to my ssh server as either "root", "guest", "test" or "admin". The first thing I made sure was that my /etc/ssh/sshd_conf had "PerminRootLogin no" and that the line was uncommented. (I'm not in the habit of ever logging in as root, even from the console - su and sudo are my friends). Since I don't have the other 3 users on that system, there's not much to worry about from the morons who are running the ssh script.
But to get rid of the annoying attempts, I just added those IPs to a table of blocked IPs for in my (OpenBSD/PF) firewall. You can use sed and awk to parse your authlog for "Failed" or "Illegal", extract the IP from those lines, and automate something like this, depending on the firewall you use...or add them to /etc/hosts.deny. But be careful when automating this, it's easy to block valid IPs using such tools too.