hm, thanks for the reply. I admit not having thought about that. I was simply trying to accomplish this with the minimal effort and minimal amount of plugins.
Have a look at this solution please, this might be my next try: http://kovshenin.com/2014/fail2ban-wordpress-nginx/
basically a minimal plugin living in mu-plugins that makes WP return auth failure with 403 and then I can use fail2ban to pick those up inside the nginx access logs... (others would find them inside the apache logs)
That seems the next best solution or do you have any other ideas?
ON THE OTHER HAND I just read the description of: http://wordpress.org/plugins/wp-fail2ban/ =>
WP fail2ban logs all login attempts, whether successful or not, to syslog using LOG_AUTH.
Do you mind having a look, maybe that method can be used in your plugin too?