The lastb command can be used to list failed login attempts. By default, it displays a nice table of all failed attempts, including the username, time, and host the attempt had originated from.
sudo lastb -w | cut -d " " -f 1 | sort | uniq | less
The -w tells lastb to display the full username. The cut, sort, and uniq commands turn the output of lastb into a sorted list that contains each username only once.
When I ran it recently on my server, I found some interesting results. Nobody tried in the last fortnight to log in with root, but they did try with r00t, root2, root3, roottest, rootuser, and a bunch of similar ones. There were a bunch of generic users such as admin, support, test, user, sales, and a surprising number of software-related ones: wordpress, wp, stunnel, mysql, moodle, mongodb, minecraft, etc.
Another useful command is
$ sudo lastb -f /var/log/btmp.1 -w -i | awk '{print $3}' | sort | uniq --count | sort -nr | less
which lists hosts sorted by the number of failed attempts originating from each host.
Overall, in the last two weeks my server experienced more than 3300 failed login attempts using more than 800 unique usernames. Fortunately, as my server only allows public-key authentication via ssh, all those attempts are pretty futile.