Page 2 of 2
Re: Help with LF_MODSEC
Posted: 10 Sep 2013, 21:12
by drsprite
Interestingly enough, your suggestion didn't work.
That resulted in nothing in the audit_log. Is there another part of modsec I'm missing?
I've reverted back to my ErrorLog tee'ing which seems to be the best solution at this time.
Re: Help with LF_MODSEC
Posted: 24 Dec 2024, 11:22
by ssh2site
I know this is a very old thread, but it comes up in the top Google search results, so I will add my solution (for which I cannot recollect the source):
In my setup, every virtualhost / domain has their own access log and error log file.
For this setup to trap and block using Modsecurity+CSF, I specify the error log files as follows:
MODSEC_LOG = "/var/log/httpd/*error*log"
This scans all error log files generated by Apache.
Depending on the number of domains on your server, your server configuration, your server provider, etc, this *may* add a slight load / IO burden to your server. Test it. YMMV.