We still get lots of attacks, but it generates a nice log in the error_log for tracking/reporting purposes...
using rewrite, it kills the tool that is hitting me in about 85% of the attacks. This makes the log smaller so if you try it, set it up to process the rewrite first then the url's it could help speed things up a bit (this file is processed on every request I believe) and make a little less work with the logs for you.
Just a thought.