A iptables hashlimit rule can do the same. Your firewall rules get to be more readable and you don't end up relying on the security of a log parser.

The biggest win comes from just disabling password authentication in sshd though.