Since the log messages are written by the sshd daemon after a connection is established, my understanding is that the host strings have already been validated by the sshd daemon; otherwise the log records would not be there, since /var/log/auth.log has messages regarding the sshd login attempts after host validation happens.
Is this correct?
Sample log messages:
Sep 8 06:28:55 boxhost sshd: Invalid user teamspeak3 from 18.104.22.168 port 57936
Sep 8 06:29:51 boxhost sshd: Failed password for root from 22.214.171.124 port 62425 ssh2
Sep 8 06:29:52 boxhost sshd: Failed password for invalid user password123 from 126.96.36.199 port 56756 ssh2
In the above log lines there are IPv4 addresses, but they could be IPv6 or host.com format host strings. I am inclined to say that, since a connection was established before these messages appear in this log file, they passed the sshd validation steps in order to establish the connection.
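An added example, not part of the original post: a parser for the three message shapes quoted above that checks the host field itself instead of relying on whatever sshd did before logging. The names `parse_line` and `classify_host`, the hostname pattern, and the last three sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# The user field is free text supplied by the client, so the pattern is anchored
# at the end of the line: only the trailing "from HOST port N" is taken as the peer.
LINE_RE = re.compile(
    r"sshd(?:\[\d+\])?: (?:Invalid user|Failed password for(?: invalid user)?) "
    r"(?P<user>.*) from (?P<host>\S+) port (?P<port>\d{1,5})(?: ssh2)?$"
)
# Assumed hostname shape: dot-separated LDH labels ending in an alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)

def classify_host(host):
    """Return ("ip", normalized), ("hostname", lowercased) or ("invalid", None)."""
    try:
        return "ip", str(ipaddress.ip_address(host))  # accepts IPv4 and IPv6
    except ValueError:
        pass
    if len(host) <= 253 and HOSTNAME_RE.fullmatch(host):
        return "hostname", host.lower()
    return "invalid", None

def parse_line(line):
    """Parse one auth.log line; return None if it does not match or the host fails checks."""
    m = LINE_RE.search(line.rstrip("\n"))
    if not m:
        return None
    kind, host = classify_host(m["host"])
    port = int(m["port"])
    if kind == "invalid" or not 0 < port < 65536:
        return None
    return {"user": m["user"], "host": host, "host_kind": kind, "port": port}

SAMPLE = [  # first three lines are from the post; the rest are constructed
    "Sep 8 06:28:55 boxhost sshd: Invalid user teamspeak3 from 18.104.22.168 port 57936",
    "Sep 8 06:29:51 boxhost sshd: Failed password for root from 22.214.171.124 port 62425 ssh2",
    "Sep 8 06:29:52 boxhost sshd: Failed password for invalid user password123 from 126.96.36.199 port 56756 ssh2",
    "Sep 8 06:30:01 boxhost sshd: Invalid user x from 10.0.0.1 port 1 from 2001:db8::5 port 40022",
    "Sep 8 06:30:07 boxhost sshd: Failed password for root from Host.Example.com port 50111 ssh2",
    "Sep 8 06:31:00 boxhost sshd: Failed password for root from 999.1.1.1 port 22 ssh2",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_line(entry))
```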