I wasn't focusing on hardening a server, my point was avoiding simple random scans for the sake of log management.
Maybe I've used the word "security" too lightheartedly?
Fail2ban still solves that problem. A few entries with failed auth, and hey presto, no more log entries because it's rejected by the firewall.
It's a well-established pattern for brute force tools to not just try the default port, but perform a port scan to detect listening ports, and then try those.
Putting your services on other ports just makes things inconvenient for the user, nothing more.
Use fail2ban or similar to IP-block brute force attempts, and minimise public services like MySQL, etc. by requiring a VPN/SSH tunnel to connect.
How is this idea of using random ports for "security" still a thing?
Do the same people suggest MD5 for passwords too?
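
The effect on log volume that the thread argues about, as an added example that is not part of any post above: a small simulation of the fail2ban pattern (count failed logins per IP inside a time window, then ban). The log lines, their ISO timestamps and the `simulate` function are constructed for illustration; `maxretry`, `findtime` and `bantime` mirror fail2ban's jail options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not taken from a real host.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:02 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-05-01T10:00:03 sshd[813]: Failed password for alice from 198.51.100.20 port 51200 ssh2
2024-05-01T10:00:04 sshd[814]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:05 sshd[815]: Failed password for root from 203.0.113.7 port 40115 ssh2
2024-05-01T10:00:06 sshd[816]: Failed password for root from 203.0.113.7 port 40116 ssh2
2024-05-01T10:00:07 sshd[817]: Failed password for root from 203.0.113.7 port 40117 ssh2
2024-05-01T10:00:10 sshd[818]: Accepted password for alice from 198.51.100.20 port 51201 ssh2
"""

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def simulate(log, maxretry=3, findtime=timedelta(minutes=10),
             bantime=timedelta(hours=1)):
    """Return (lines that reach the log, attempts dropped by the ban, bans)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> time the ban expires
    logged, dropped = [], 0
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:                 # not a failed login: always logged
            logged.append(line)
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if banned_until.get(ip, datetime.min) > ts:
            dropped += 1          # rejected at the firewall, sshd never logs it
            continue
        logged.append(line)
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # forget failures outside the window
            window.popleft()
        if len(window) >= maxretry:        # threshold reached: ban this IP
            banned_until[ip] = ts + bantime
            window.clear()
    return logged, dropped, banned_until

if __name__ == "__main__":
    logged, dropped, bans = simulate(SAMPLE_LOG)
    print(f"{len(logged)} lines logged, {dropped} attempts dropped, banned: {sorted(bans)}")
```
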