Maybe not a lot of interest in this due to complexity of deploying/configuring ModSecurity, combined w/absence of nodebb stack specific rulesets. Security is difficult so not much can be done about the deploy/config aspects but ModSecurity devs are starting to focus some efforts on the latter.
For those interested, and willing to roll up their sleeves, development of node.js targeted attack ruleset is slated for next release of OWASP CRS, scheduled for Sept. 2019. More info here:
Yeah, events.js seems like it should contain the functionality for this. It currently only logs UID, but a lot of those functions should probably log the IP of the triggering party as well.
It seems like the only way to do that is to have IP be a parameter for most of those calls. That's a little tedious.
my fantasy: events are logged to the db as well as flatfile, have severity/importance levels, contain as much info as possible about who triggered it if the logging fn is passed a socket or request object, there's hooks for events of high severity, by default sends email or notification to admins when high-sev occurs