goaccess has already paid off for me. I have been checking it daily since I installed it and noticed that my most requested page was xmlrpc.php. Tons of data was being POSTed to it. After a quick search, I came across a tutorial for a brute-force attack to login to a wordpress site.
I immediately logged into my VPS and renamed my xmlrpc.php file, and the attacks stopped. Thanks, goaccess.