List of examples:
for IP, method and URL
# tail -n 500 -F modsec_audit_XXX.log | egrep '(Engine-Mode|GET|POST|178\.94)'
For id of Rule:
# tail -n 500 -F modsec_audit_XXX.log | egrep '\[id "[0-9]*"\]'
Bots:
# tail -n 500 -F modsec_audit_XXX.log | egrep '(User-Agent|GET|POST|Engine-Mode)'
LP coloring 1:
tail -n 500 -F modsec_audit_XXX.log | egrep '(GET.*|POST.*|User.*|\[id "[0-9]+"|148.251)'