So you are installing the ModSecurity Console on each host that is running ModSecurity?  The idea behind the console is to have a central location for remote ModSecurity hosts to send their logs to.  Regardless, the mechanism to use to actually transfer the logs into the console is the modsec-auditlog-collector Perl script that comes with the ModSecurity 1.9.4 archive.  Take a look at the logging documentation here - http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/07-logging.html.  Look under the “New Audit Log Type” section for info.

 

--
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

 


From: Dan Rossi [mailto:spam@electroteque.org]
Sent: Thursday, December 28, 2006 1:42 AM
To: Ryan Barnett
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] how to get console to collect concurrent logs

 

Ryan Barnett wrote:

What do you mean by “collect concurrent logs from a given path”?  Are you referring to how to send concurrent audit log data from ModSecurity hosts to the central Console host?


Hi Ryan, I don't know if you understood it: the console on the localhost of the server does not collect any of the mod security logs; this is on all servers I have tried it on. There are definitely logs in there though, tonnes of false positives, which is why I need this up and running so I can fix it all up.

So basically console runs fine, but cannot load any transactions or any data at all and there is no documentation of what to do next.

I set up some sensor, if that's what it needs, and selected Apache in the pulldown. I use Apache 2.0.59 and mod sec 2. The interesting thing is that in the server-info section it does not display the set configs for mod security. Could this be the issue? Is that how it knows where to get the logs, i.e. I have them being stored on our development machine in /var/log/apache2/modsec/console/

etc

 


 


From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Dan Rossi
Sent: Wednesday, December 27, 2006 7:21 PM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] how to get console to collect concurrent logs

 

Hi, I've asked here quite a few times already. I can't work out how to get the console to collect the concurrent logs from a given path. The console is blank; it's not collecting any transactions at all. Any ideas what I need to do, as there is no log path setting?

Let me know, thanks.