litespeed+mod_security error_log hostname issue

Hi dear friends
i have a problem when i switch to litespeed
here is apache webserver + mod_security error log (which help me grep target domain in error_log to find the issue in simple way)
[:error][client] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<[a-z0-9]{6}>" at ARGS:emailglobalheader. [file "/var/cpanel/cwaf/rules/02_Global_Generic.conf"] [line "303"] [id "211310"] [rev "1"] [msg "COMODO WAF: XSS vulnerability"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "MY_DOMAIN"] [uri "/admin/configgeneral.php"] [unique_id "W8DOEZHqAC6q7V3BpaMNVQAAAEM"], referer: https://MY_DOMAIN/admin/configgeneral.php?nocache=ZpelEI30vO501102
but here is same error when using litepeed + mod_security (you can see it does not include hostname or etc which shows what does this error belongs to!?!!
[NOTICE] [] mod_security rule [Id '211310'] triggered!
[modsecurity] [Fri Oct 12 18:37:16 2018] [error] [client] ModSecurity: Access denied with code 403, [Rule: 'ARGS|ARGS_NAMES|REQUEST_URI|REQUEST_HEADERS:User-Agent|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:post|!ARGS:desc|!ARGS:html_message|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/' '@rx <[a-z0-9]{6}>'] [id "211310"] [rev "1"] [msg "COMODO WAF: XSS vulnerability"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
[NOTICE] [] Content len: 15147, Request line: 'POST /admin/configgeneral.php?action=save HTTP/1.1'
so i need help to find setting which create logs same as apache with referer domain i tried changing admin console log levels etc,,, but it does not make change!
Last edited by a moderator: