Wrong question, you are asking in terms of config.
State the requirement in terms of a device or user without mentioning config.
Then the right tools can be applied.
There are dozens of posts on this, you can find them in the forum.
Example one below, but you will have to slightly adapt, since you are seeking for a message like "login failure for user"
Such script will have to be scheduled to run eg. every 5 minutes and it will parse the logs of the last 5 minutes (adjustable) and add the IP-address to a list.
Please let us know what you want users/devices to be able to do, and what they should not be able to do without any talk of the config.
If it helps draw a network diagram