The backend 404 error log could be much improved.
For a start, it's essential to know the IP that generated the error. Without this data, from a security perspective, a 404 log is fairly useless.
Secondly, there is a field in the log for user agent. This field registers no data and appears not to work.