Hi, ive put mod sec 1.9 on our apache 1.3 server and moved some rules over from our 1.8 install. How do i now put the server in detection mode ?

I left the SecAuditEngine to On but turned off SecFilterEngine Off, it doesnt log anything, when i turned on SecFilterEngine On even with this default action i get denials, we just want to detect and monitor so we can clean up the false positives as alot of scripts pass dirty data in query strings on these servers like urls, etc

SecFilterDefaultAction "allow,log,status:403"