mod_security: track user to check if redirected to login failed page

view story

http://serverfault.com – I have to log when a user fails to log in to a web application. Unfortunately, this web application is not able to do this out of the box and I can not change it. Now I'm experimenting with mod_security. My idea is to track the POST request, extract the username and then check if the user gets redirected to the "login failed" page. I have: <Location /login.php> # Sanitize password variable value SecAction nolog,phase:2,sanitiseArg:password SecRule REQUEST_BODY "username=(.*)&password" "capture,log,logdata:'login submitted: user %{TX.1}'" </Location> a (HowTos)