Help with LF_MODSEC

drsprite
Junior Member
Posts: 28
Joined: 21 Jun 2008, 18:39

Re: Help with LF_MODSEC

Post by drsprite »

Interestingly enough, your suggestion didn't work.

SecAuditLogType Concurrent

That resulted in nothing in the audit_log. Is there another part of modsec I'm missing?

I've reverted back to my ErrorLog tee'ing which seems to be the best solution at this time.

ssh2site
Junior Member
Posts: 2
Joined: 09 Jan 2016, 08:55

Re: Help with LF_MODSEC

Post by ssh2site »

I know this is a very old thread, but it comes up in the top Google search results, so I will add my solution (for which I cannot recollect the source):

In my setup, every virtual host / domain has its own access log and error log file.

For this setup to trap and block using ModSecurity+CSF, I specify the error log files as follows:

MODSEC_LOG = "/var/log/httpd/*error*log"

This scans all error log files generated by Apache.

Depending on the number of domains on your server, your server configuration, your server provider, etc., this *may* add a slight load / IO burden to your server. Test it. YMMV.
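
An added example (not part of either post, and not lfd's own code): a Python check of which files a glob like the MODSEC_LOG value above matches, how many bytes that is to scan, and how many ModSecurity deny lines each client IP has in them. The file names, log lines and the IPv4-only pattern are constructed assumptions; point `scan()` at your real glob to test it.

```python
import glob, os, re, tempfile
from collections import Counter

# Assumed line shape: Apache 2.4 logs "[client IP:port]", 2.2 logs "[client IP]".
# IPv4 only; this is not lfd's own matching rule.
DENY_RE = re.compile(
    r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] ModSecurity: Access denied")

def scan(pattern):
    """Return (matched files, total bytes, deny-line count per client IP)."""
    files = sorted(p for p in glob.glob(pattern) if os.path.isfile(p))
    hits = Counter()
    for path in files:
        with open(path, errors="replace") as fh:
            hits.update(m.group(1) for m in map(DENY_RE.search, fh) if m)
    return files, sum(os.path.getsize(p) for p in files), hits

def build_sample(root):
    """Write constructed per-vhost logs (documentation IPs, placeholder rule id)."""
    deny = ('[Sat Jan 09 08:55:0{n} 2016] [:error] [pid 101] [client {ip}] '
            'ModSecurity: Access denied with code 403 (phase 2). [id "000000"]\n')
    other = ('[Sat Jan 09 08:56:00 2016] [core:error] [pid 101] '
             '[client 198.51.100.7:40200] File does not exist: /var/www/x\n')
    logs = {
        "error_log": other,
        "site-a.example-error_log": deny.format(n=1, ip="203.0.113.5:40112")
                                    + deny.format(n=2, ip="203.0.113.5:40113"),
        "site-b.example-error_log": deny.format(n=3, ip="203.0.113.5") + other,
        "site-a.example-access_log": '203.0.113.5 - - [09/Jan/2016] "GET /" 403\n',
        "error_log-20160103": deny.format(n=4, ip="192.0.2.9:5000"),  # rotated
    }
    for name, text in logs.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)

def demo():
    """Run the scan over the constructed logs with the same glob shape."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        files, size, hits = scan(os.path.join(root, "*error*log"))
        return [os.path.basename(f) for f in files], size, dict(hits)

if __name__ == "__main__":
    names, size, hits = demo()
    print("files matched:", names)
    print("bytes to scan:", size)
    print("ModSecurity denies per IP:", hits)
```

In the constructed set, the glob picks up the main and per-vhost error logs but skips the access log and the rotated `error_log-20160103`, because the pattern must end in `log`.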