Hello ModSecurity Developers/Users.
I'm using nginx  with mod_security with OWASP rules

nginx -V
nginx version: nginx/1.2.0
built by gcc 4.2.1 20070719  [FreeBSD]
configure arguments: --add-module=../modsecurity-apache_2.7.1/nginx/modsecurity/

Questions:
1) I have 10 sites on my nginx and can not  see in error.log  SiteName(Full URI) for which the rule applies

2013/01/31 09:58:43 [info] 34380#0: [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/bonuses/cards_6.jpg"] [unique_id "12345"]

2013/01/31 10:01:16 [info] 14639#0: [client XX.XX.XX.XX  ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/"] [unique_id "12345"]

2013/01/31 10:01:21 [info] 31646#0: [client XX.XX.XX.XX  ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/favicon.ico"] [unique_id "12345"]

2) IF I use error.log for each site I just see records like that 
No any records about mod_security records
2013/01/31 10:27:05 [info] 34380#0: *147235 kevent() reported that client XX.XX.XX.XX closed keepalive connection (54: Connection reset by peer)
2013/01/31 10:27:05 [info] 34380#0: *147220 kevent() reported that client XX.XX.XX.XX closed keepalive connection (54: Connection reset by peer)
2013/01/31 10:28:00 [info] 30378#0: *147326 kevent() reported that client XX.XX.XX.XX closed keepalive connection


What should I do to see it in error.log?
-- 
С Уважением, 
Онищенко Антон 
т.(495) 648-60-07
ao@ixi.ru  ®