Changing ModSecurity Logging on a Per Transaction Basis

This can be achieved by using the apache template system to alter the SecAuditEngine directive on a user or domain basis. On a cPanel server this can be achieved by placing *.conf files at the following locations:

/usr/local/apache/conf/userdata/std/2/username/modsec.conf /usr/local/apache/conf/userdata/ssl/2/username/modsec.conf

with contents:

<LocationMatch .*>
    SecAuditEngine On
</LocationMatch>

The "On" setting tells mod security to log transaction data for all response codes (except 404/401 due to a different pathway)