Send modsecurity rule hits over syslog
For XG syslog, Web Server Protection Events only sends request information. If a request is matched against a Modsecurity rule from the common threats filter, this entry is not sent over via syslog, but it is logged locally in /log/reverseproxy.log. It's common industry practice to implement Modsecurity in monitor mode first in order to root out any false positives that could negatively effect the application. Not sending these rule hits makes it much more difficult to gather statistics. This is especially difficult if there are multiple deployments that need to be monitored. Having the entire reverseproxy.log streamed via syslog would make this process much easier.