Just because it logs the packet doesn’t mean it gave up any meaningful information. It probably just allows fail2ban to increment the counter. Some IP listed as a know ‘bad actor’ from Lithuania seems to be a lifer in my postfix jail.
But perhaps we want hacking attempts so we can offload the IP’s to a central server over syslog and then apply them to the border firewalls… its only script kiddies playing with meta or hydra but the more we can block at the borders the less we need to handle locally. just imo.