For a server with no publicly advertised addresses, I get a steady stream of hits on my backup Web server – none of them good. For those who are interested, I have created an annotated text file detailing a couple of days of traffic.
I have been watching this closely on both of my public servers for about a week; I think I have nearly enough data to automate parsing the logs, doing WHOIS and PTR record searches, etc.
Other than putting it into a database, I don’t know quite what I will do with this data at present. Still, my philosophy is "what you don’t record, you can’t analyse."