Currently I have logwatch running, and via cron job it will send an email to me each evening. In the email it will list the http requests, however, it is not possible to see which virtual host they come from. For example I a report will say:
Requests with error response codes 403 Forbidden /wp-content/uploads/: 2 Time(s)
It would be better if it said:
Requests with error response codes 403 Forbidden www.mydomain.com/wp-content/uploads/: 2 Time(s)
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.