I can not answer your questions but I can share a script with you that can help monitoring access to your system. Feel free to modify the script based on your need. The script will send you an email if there is a failed access attempt (one step before Fail2Ban jail) or if the system was successful accessed from unauthorized IP address. The script will send you one email notification. Then you either whitelist the IP address or block and clear from your log (so if there is another attempt you will get notification)