I think you need to modify your 
SecAuditLogRelevantStatus
and set 
SecAuditEngine RelevantOnly 
if you don't have already 

Best Regards
Michael

Am 02.08.2013 um 19:16 schrieb Paul Hanson <paulh@haas.berkeley.edu>:

Configure debug [0][1].  Be aware that it will quickly grow on a busy server.

[0] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecDebugLog
[1] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecDebugLogLevel

Cheers!
Paul

 We will never ask for your credentials to be sent in an email
 or typed into a web page other than the official campus CAS
 login page or Haas branded pages.

-----Original Message-----
From: Schöke, Karsten [mailto:Karsten.Schoeke@geobasis-bb.de]
Sent: Friday, August 2, 2013 4:40 AM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] Apache Error 401 Unauthorized

Hi,

i have a mod_security 2.5.12-1+squeeze2 with core rules.

Many messages are log on Server in this format:

--8c965e1a-A--
[02/Aug/2013:10:20:20 +0200] UftrxAqFA3YAACrPHeAAAAAQ 93.219.66.103 3773 10.133.3.86 443
--8c965e1a-B--
GET /wss/service/WMS-ALKIS/httpauth?VERSION=1.1.1&REQUEST=GetMap&SRS=EPSG:25833&BBOX=301915.456861387,5881998.64671762,302211.339056303,5882183.43477503&WIDTH=1335&HEIGHT=834&LAYERS=adv_alkis_flurstuecke&STYLES=&EXCEPTIONS=application/vnd.ogc.se_xml&FORMAT=image/png&BGCOLOR=0xFFFFFF&TRANSPARENT=TRUE HTTP/1.1
Accept: */*
Referer: http://www.esri.com/38AABB31-1E7D-44DF-8F82-D62EA543888C
User-Agent: ArcGIS Client Using WinInet
Host: server.de
Connection: Keep-Alive
Cache-Control: no-cache

--8c965e1a-E--

--8c965e1a-F--
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic Realm="Die Nutzung dieses Dienstes erfordert eine Authentifizierung!"
Content-Length: 954
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8

--8c965e1a-H--
Apache-Handler: jakarta-servlet
Stopwatch: 1375431620291293 65220 (1274 64299 -)
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); core ruleset/1.6.1; core ruleset/2.0.5.
Server: Apache

--8c965e1a-Z--


I don’t find any rule for this event.
How can exit this from log?

Thx
Karsten

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/