if you are accessing pega through a web server, the access log should already have that with an error code (e.g., 401). In the meantime, pega system logs should show error/exception as well. Is this for troubleshooting or for production environment?
Your question should be about how to prevent and not just print log alert pertaining to a malicious hack. URL modification is one way of hack and can be avoided by turning on urlencryption. But there are other changes you can do within the application that will prevent such attacks. I suggest you reach out to your security team and have them generate a vulnerability report for your specific app. Then submit it to Pega via an SR to get recommendations specific to the PRPC version and the application built in it.