Don't take it wrong, Fail2ban is an excellent tool to prevent brute-force attacks. However, sometimes there are production scenarios where you need to keep your door slightly open. It is the classic dilemma security vs utilization; in pro fo the security, you may have a lot of countermeasures that will block many things, depending your paranoia, you may close as much as you want to a point that you may start to have false positives; in pro of the production you may need to keep up and running your service no matter what, you even will need to accept some brute-force attacks from "clean" IPs.
If you don't know, Homer is a very powerful tool that VoIP companies use to analyze what happened (or what is happening win semi-real-time) in the PBX. You can analyze what happened in a call reported one hour ago without disrupting the customer (sounds awesome right?).
However, the not so bright side of Homer is that it needs a lot of babysitting. Sooner than later, because of the way it works, your database will be overloaded. The more calls you have the more information Homer will need to store, then you will need a really huge server. Another thing you must know is that Homer needs a lot of love, the vanilla installation won't help you a lot. You must set up the reports, which could take some time to master.
I have a solution if you are okay by giving up some few things.
Today, I am publishing the RPMs for PCAP SIP Dump 0.2. All you need to do is to add my OKay's RPM repository, and just install it. PCAP SIP Dump is a tool for dumping SIP sessions (+RTP traffic, if available) to disk in a fashion similar to tcpdump -w" (format is exactly the same), but one file per sip session (even if there are thousands of concurrent SIP sessions).
RPM's are available for Centos 6 and 7. And you can find it if you type yum search pcapsipdump.