On Thu, Oct 31, 2013 at 10:56 AM, Daniele Gallarato <daniele.gallarato@email.it> wrote:
Hello again Josh.
For example, mod-security logs this event:


Hi Daniele,

Can you send me the entire audit log for that event?

--
 - Josh
 

Response Details

H E A D E R
HTTP/1.1 200 OK
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 543
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive

I'd like to disable these types of logging,

Thanks a lot.
Daniele


Daniele Gallarato
______________________________________________________
Gli animali sono miei amici...e io non mangio i miei amici.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --


2013/10/31 Daniele Gallarato <daniele.gallarato@email.it>
Are these transactions false positives? Should they not be logged for another reason?

They are only transactions, every users that connect to our site make a log for any connection, this means many and many logs for every connection; after one month of modsecurity, we have 10GB of mysql DB!
Unreadable!

Hi Daniele,

It sounds like you have a large number of false positives. I recommend tuning your ruleset. Ryan wrote a great blog post about that here:

Contact me privately if you need assistance

Hi Josh. 

Thanks, but they aren't false positive, they are simply all the transactions; they are marked with a white flag, while the alarms are marked with a red flag. 

Daniele Gallarato
______________________________________________________
Gli animali sono miei amici...e io non mangio i miei amici.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --





------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/