Ok log level 9 works, but also floods the log files with all requests like this:
2009-04-24 10:27:55.461 [INFO] [18.104.22.168:33167-2] no request variables, skip ruleset: SQL Injection attack
Like 1000 log entries in 10 minutes.
How to just log when an attack happens.
Soon as I drop to level 8, only logs ALL requests that skip the ruleset.
I'm using native filters from admin console.