O que você está nos mostrando são registros gerados pelo Modsecurity. Você pode dizer que eles são ModSecurity por causa das mensagens de segmento que se parecem com isso:
--6b253045-A--
...
--6b253045-B--
...
--6b253045-C--
...
--6b253045-F--
...
--6b253045-E--
...
--6b253045-H--
...
--6b253045-Z--
O Modsecurity é um firewall / filtro da camada 7 em cima do Apache e pertence a uma classe de aplicativos de segurança conhecida como WAF - Web Application Firewall (s).
O pacote correspondente é conhecido como libapache2-mod-security no Debian e nos sistemas derivados (incluindo o Ubuntu).
Package: libapache2-mod-security2
External Resources:
Homepage [www.modsecurity.org]Tighten web applications security for Apache
Modsecurity is an Apache module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server.
At the moment its main features are:
Audit log; store full request details in a separate file, including POST payloads.
Request filtering; incoming requests can be analysed and offensive requests
can be rejected (or simply logged, if that is what you want). This feature can be used to prevent many types of attacks (e.g. XSS attacks, SQL injection, ...) and even allow you to run insecure applications on your servers (if you have no other choice, of course).
Para instalá-lo, você executa:
sudo apt install libapache2-mod-security