diff --git a/apache/Dockerfile b/apache/Dockerfile
index d7f72f3..c6411e9 100644
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -194,6 +194,7 @@ RUN set -eux; \
     mkdir -p /tmp/modsecurity/upload; \
     mkdir -p /tmp/modsecurity/tmp; \
     mkdir -p /var/log/apache2/; \
+    mkdir -p /var/log/modsecurity/audit/; \
     ln -s /opt/owasp-crs /etc/modsecurity.d/; \
     sed -i -E 's|(Listen) [0-9]+|\1 ${PORT}|' /usr/local/apache2/conf/httpd.conf; \
     sed -i -E 's|(ServerTokens) Full|\1 ${SERVER_TOKENS}|' /usr/local/apache2/conf/extra/httpd-default.conf; \
@@ -220,6 +221,7 @@ RUN set -eux; \
     sed -i -E 's|(MaxRequestWorkers[ ]*)[0-9]*|\1${WORKER_CONNECTIONS}|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
     chown -R httpd:httpd \
         /var/log/ \
+        /var/log/modsecurity/audit/ \
         /usr/local/apache2/ \
         /etc/modsecurity.d \
         /tmp/modsecurity \
diff --git a/apache/Dockerfile-alpine b/apache/Dockerfile-alpine
index e3196da..239b879 100644
--- a/apache/Dockerfile-alpine
+++ b/apache/Dockerfile-alpine
@@ -219,12 +219,14 @@ RUN set -eux; \
     echo 'Include conf/extra/httpd-modsecurity.conf' >> /usr/local/apache2/conf/httpd.conf; \
     sed -i -E 's|(MaxRequestWorkers[ ]*)[0-9]*|\1${WORKER_CONNECTIONS}|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
     mkdir -p /var/log/apache2; \
+    mkdir -p /var/log/modsecurity/audit/; \
     mkdir -p /tmp/modsecurity/data; \
     mkdir -p /tmp/modsecurity/upload; \
     mkdir -p /tmp/modsecurity/tmp; \
     chown -R httpd:httpd \
         /var/log/ \
         /usr/local/apache2/ \
+        /var/log/modsecurity/audit/ \
         /etc/modsecurity.d \
         /tmp/modsecurity \
         /opt/owasp-crs
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index 7e26d6f..8a04e67 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -277,7 +277,9 @@ RUN set -eux; \
         # only run this script in read-only configuration
         rm /docker-entrypoint.d/0-move-writables.sh; \
     fi; \
+    mkdir -p /var/log/modsecurity/audit; \
     chown nginx:nginx \
+        /var/log/modsecurity/audit \
         /opt/owasp-crs \
         /etc/modsecurity.d
 
diff --git a/nginx/Dockerfile-alpine b/nginx/Dockerfile-alpine
index 9384134..b5d35e0 100644
--- a/nginx/Dockerfile-alpine
+++ b/nginx/Dockerfile-alpine
@@ -278,7 +278,9 @@ RUN set -eux; \
         # only run this script in read-only configuration
         rm /docker-entrypoint.d/0-move-writables.sh; \
     fi; \
+    mkdir -p /var/log/modsecurity/audit; \
     chown nginx:nginx \
+        /var/log/modsecurity/audit \
         /opt/owasp-crs \
         /etc/modsecurity.d