WARNING Line 0/1 is missing evt.StrTime. It is most likely a mistake as it will prevent your logs to be processed in time-machine/forensic mode. file=/tmp/user/0/cscli_explain4047805967/parser-dump.yaml
line: 2025/10/27 19:47:46 [error] 273240#273240: *657 [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 4). Matched "Operator `Contains' with parameter `evil.webshell' against variable `RESPONSE_BODY' (Value: `<title> evil.webshell </title>\x0a<h1> evil.webshell </h1>\x0a' ) [file "/etc/modsecurity/test.conf"] [line "190"] [id "955003"] [rev ""] [msg ""] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "example.com"] [uri "/evil-webshell.txt"] [unique_id "176155486667.073983"] [ref "o8,13v619,56"] while sending to client, client: 1.1.1.1, server: example.com, request: "GET /evil-webshell.txt HTTP/2.0", upstream: "https://2.2.2.2:443/evil-webshell.txt", host: "example.com"
├ s00-raw
| ├ 🔴 crowdsecurity/syslog-logs
| └ 🟢 crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
| ├ 🔴 crowdsecurity/auditd-logs
| ├ 🔴 crowdsecurity/modsecurity
| ├ 🔴 crowdsecurity/nginx-logs
| ├ 🔴 crowdsecurity/pkexec-logs
| ├ 🔴 crowdsecurity/segfault-logs
| └ 🔴 crowdsecurity/sshd-logs
└-------- parser failure 🔴