Case Study: Using Splunk for web application forensics
Running a critical web application requires system administrators and security managers to understand its attack exposure and keep track of its event logs. Most installations log application bugs to a local file, but debugging is usually disabled in production environments. Most importantly, web applications don't log security attacks at all!
The web server logs don't contain POST parameters, so it is very difficult to see an attack payload.
Combining the open-source web application firewall ModSecurity with the Splunk framework allows IT staff to detect attacks against their web applications and get an idea of how frequently their environment is attacked.
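The gap described above, as an added example that is not taken from the case study: a small parser for ModSecurity's serial audit log that flattens each transaction, POST parameters included, into key="value" pairs that Splunk's automatic field extraction can pick up. The log lines, the rule id, the `post_` field prefix and the function names are constructed for illustration, and it assumes the request body (part C) is enabled in `SecAuditLogParts`.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample data: the same request as the access log and ModSecurity see it.
ACCESS_LOG = '203.0.113.7 - - [12/Mar/2012:10:15:02 +0100] "POST /login.php HTTP/1.1" 200 512'
AUDIT_LOG = """\
--a1b2c3d4-A--
[12/Mar/2012:10:15:02 +0100] TXN0001 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
POST /login.php HTTP/1.1
--a1b2c3d4-C--
user=admin&pass=%27+OR+%271%27%3D%271
--a1b2c3d4-H--
Message: Warning. [id "900001"] [msg "Constructed rule match"]
--a1b2c3d4-Z--
"""
BOUNDARY = re.compile(r"^--[0-9a-f]+-([A-Z])--$")

def parse_audit_entries(text):
    """Split a serial audit log into entries of {section letter: [lines]}."""
    entries, current, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m is None:
            if current is not None:
                current[section].append(line)
            continue
        section = m.group(1)
        if section == "A":
            current = {}            # part A opens a new transaction
        if current is None:
            continue                # skip a truncated entry at the start of the file
        if section == "Z":
            entries.append(current) # part Z closes the transaction
            current = None
        else:
            current[section] = []
    return entries

def to_event(entry):
    """Flatten one entry into key="value" pairs, POST parameters included."""
    ts, txn, src = re.match(r"\[(.+?)\] (\S+) (\S+)", entry["A"][0]).groups()
    method, uri = entry["B"][0].split(" ")[:2]
    params = parse_qsl("".join(entry.get("C", [])), keep_blank_values=True)
    rule_ids = re.findall(r'\[id "(\d+)"\]', "\n".join(entry.get("H", [])))
    fields = [("time", ts), ("txn", txn), ("src", src), ("method", method),
              ("uri", uri), ("rule_ids", ",".join(rule_ids))]
    fields += [("post_" + k, v) for k, v in params]
    return " ".join('%s="%s"' % (k, v.replace('"', "'")) for k, v in fields)
```

Part C can hold credentials and other form data, so the resulting Splunk index needs the same access controls as the application data itself.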