By far the most common thing you see in logs is automated http attacks from "zombie" machines infected with various worms (CodeRed & Nimda mostly)

The next most common thing in logs is port scans. A site I used to admin got port scanned several times per day.

After that it could be almost anything. Generally speaking, nearly all the attacks you will see are entirely automated, done either by skiddie tools, or much more commonly worms.

As far as successful attacks are concerned, I think the most common kind is people going into systems that are entirely unprotected - system with default passwords, or no password at all.

Then they usually plant some mal-ware - usually off-the-shelf back doors like BackOrrifice etc. Although virus scanners will detect some of these, they can easily be modified to evade detection (although I've never seen a modified one in the wild)

Lastly, if you leave an FTP server open with any writeable directories in it (even if they are several levels deep, and non-obvious, if they have been left open by accident), warez kiddies will rapidly fill them up with ripped games, etc, ultimately producing DoS when your disc becomes full and wasting your bandwidth.