The verbosity rule is to only log requests with bad credentials.
Optionally, you can enable the audit collector to log malicious requests into an index, so you can make graphs in Kibana.
Remember though that this is a very weak solution, until you also use SSL, which conveniently, ROR supports.