I'd say the single most important thing that you've mentioned there is 'logcheck'. If you can remove all of the login spam (by moving ssh to a non-default port, for example), then watching your logs becomes a reasonable task and will alert you to any specifically targeted attacks.