Something like https://github.com/bediger4000/ssh-tarpit-behavior

In TarPyt itself, logging IP addresses is out of scope (since it's impossible?), so another solution is needed. systemd 255 added NFTSet which looks like it could be used to hook up nftables's logging infra to log to the journal or something like ulogd.