hi!
i have some quetion....
first  i am sorry  my english very poor ,  i hope some one help me,
 
i have finished install mod-security in the ubuntu 10.04
when i test loging of attacking  ,there is not proberm.
but when i install mlogc 2.5.12  for modsecurity-console  there is some question.
i finished install  mlogc
and  i attack the server there is not  log in the /var/log/mlogc
so i  read the log of modsec_debug.log ,i find (Permission denied)
so i  do  " chmod -R 755 /var/log/mlogc" then i find  some attacking log only  in the  /var/log/mlogc/data
 
question 1 :
But  in the /var/log/mlogc/data  no   mlogc-transaction.log&mlogc-queue.log&mlogc-error.log&mlogc.lck
question 2:
when i run ./mlogc  it is tell me
Usage: ./mlogc <rootdir> </path/to/mlogc> <mlogc_config>
but more mlogc INSTALL document 
 SecAuditLog "|/usr/local/bin/mlogc /etc/mlogc.conf"  there is not  <rootdir> </path/to/mlogc>.
which is i use ?
question 3:
when i start  modsecurity-console   ,and login modsecurity-console   web , but there is not some log.
 
what  can  i do  for  deal with this question !
 
 
------------------------------------------------------------------
more mlogc.conf
------------------------------------------------------------------
CollectorRoot       "/var/log/mlogc"
ConsoleURI          "https://192.168.80.142:8888/rpc/auditLogReceiver"
SensorUsername      "test"
SensorPassword      "sensor"
LogStorageDir       "data"
TransactionLog      "mlogc-transaction.log"
QueuePath           "mlogc-queue.log"
ErrorLog            "mlogc-error.log"
LockFile            "mlogc.lck"
KeepEntries         0
ErrorLogLevel       3
------------------------------------------------------------------
more modsecurity_crs_10_config.conf
------------------------------------------------------------------
 
SecAuditLogType Concurrent
SecAuditLogStorageDir /var/log/mlogc/data
SecAuditLog "|/opt/mlogc-2.5.12/mlogc /var/log/apache2/ /var/log/mlogc/mlogc /opt/mlogc-2.5.12/mlogc.conf"
 



 
--
pp.park



网易为中小企业免费提供企业邮箱(自主域名)