I had Comodo WAF installed on my cPanel/WHM/LiteSpeed server as a ModSecurity vendor, and ended up wanting the UI of the Comodo WAF plugin, so I installed the plugin successfully using the bash script, then disabled the vendor. Just to be safe, I ran the Protection Wizard and restarted LiteSpeed.
Since I did that, if I go to WHM → Security Center → ModSecurity Tools, I no longer have any new hits in the hits list. Is that normal behavior when using the WAF plugin instead of the vendor, or should I still be getting hits there?
Do I need to look at /var/log/CWAF directly to see the hits?
I know that the vendor and plugin aren’t compatible, but I want to make sure the plugin is working now that I’ve switched.