Goaccess

Goaccess, a CLI tool, allows you to browse Nginx logs for example to see all requests that failed.

Interestingly, the most frequent path there, right after the page root (/), is /.env.

That's the file where in case of server misconfiguration, all passwords used by the app (DB, third-party services) would be available for reading.

Hacking bots are clearly very busy.