Jun 1 22:29:32 [system_name] sshd: error: connect_to localhost port 80: failed.
Is there a way this could be triggered without someone successfully authenticating to my server? I don't think I did anything to trigger this alert (by trying to connect to my web server which is not running) so I am concerned that the system has been compromised in some way…
One thing you can do is look earlier in your logs for the authentication step by the same sshd process id. It should at least let you know which user was used for that session.