This is why we enable port knocking (SPA) on all of our Internet-facing systems: it protects against zero-days and keeps the logs pristine. As a matter fact, any failed login of any kind creates a security alert.