Apache Virtualhost ModSecurity Logging
November 20th, 2007
It is possible to use Apache’s custom logging feature in order to log requests, which matched a ModSecurity filter, on a per-virtualhost basis. The key for this to work is the fact that ModSecurity defines the environment variable mod_security-relevant whenever a rule is matched.
So, by adding the following statement in the virtualhost context, Apache will record information about ModSecurity’s activity for the specific virtualhost.
This statement is original from source
<IfModule mod_security.c>
CustomLog /path/to/logs/modsec_custom_log \
"%h %l %u %t \"%r\" %>s %b %{mod_security-message}i" \
env=mod_security-relevant
</IfModule>