Hi, suffering from the same issue here. Does anyone know the right direction to point me in?

My configuration: (Full conf at http://pastebin.com/2tf9jeAW )

SecAuditLogType Serial
SecAuditLog "| C:\Windows\System32\inetsrv\mlogc.exe C:\Windows\System32\inetsrv\mlogc.conf"

Answer in the Windows Event Viewer:
Syntax error in config file C:\Program Files\ModSecurity IIS\modsecurity.conf, line 26: ModSecurity: Failed to open the audit log pipe: C:\Windows\System32\inetsrv\mlogc.exe C:\Windows\System32\inetsrv\mlogc.conf

If I execute the piped command directly in PowerShell, mlogc works as expected.

From mlogc-error.log:
[Tue Jun 10 18:14:03 2014] [3] [6200/0] Configuring ModSecurity Audit Log Collector 2.8.0.
[Tue Jun 10 18:14:03 2014] [3] [6200/0] Delaying execution for 5000ms.
[Tue Jun 10 18:14:08 2014] [3] [6200/0] Queue file not found. New one will be created.
[Tue Jun 10 18:14:08 2014] [3] [6200/0] ModSecurity Audit Log Collector 2.8.0 terminating normally.

I also noted that Serial logs aren't being created correctly in the folder already set in modsecurity.conf:

SecAuditLogStorageDir "C:\inetpub\logs\audit"

This directory has permissions that let everyone read, write and execute.

I'm stuck; any help will be appreciated.

-J

On Wed, May 21, 2014 at 12:11 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:
Can you list your modsecurity conf data for the audit log directives?

Ryan Barnett
Lead Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>




On 5/21/14 8:51 AM, "Marcus Semblano" <marcus.semblano@locaweb.com.br>
wrote:

>Does anyone here use ModSecurity on IIS?
>
>No answers at all!!
>No proper documentation on IIS configuration regarding config files.
>
>Maybe it's better to file a bug report :/
>
>Sincerely,
>
>Marcus Semblano
>
>
>
>________________________________________
>From: Ricardo Fernandes [rfernandes@apokaliptiko.pt]
>Sent: Monday, May 19, 2014 11:21 AM
>To: mod-security-users@lists.sourceforge.net
>Subject: [mod-security-users] mlogc on IIS
>
>Hello,
>
>I'm experiencing the same problem as in this link:
>http://sourceforge.net/p/mod-security/mailman/message/31780263/
>
>I cannot send the events to the remote console:
>
>Syntax error in config file C:\Program Files\ModSecurity
>IIS\modsecurity.conf, line 195: ModSecurity: Failed to open the audit log
>pipe: c:\inetpub\modsecurity\bin\mlog.bat
>
>IIS 8.5 (Windows Server 2012 R2)
>The folder has all the permissions necessary
>
>I cannot find anything on the web on how to correctly configure mlogc for IIS...
>
>ModSecurity is running OK; only the part that sends to the console is
>failing.
>
>Best Regards,
>Ricardo Fernandes
>
>_______________________________________________
>mod-security-users mailing list
>mod-security-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/mod-security-users
>Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>http://www.modsecurity.org/projects/commercial/rules/
>http://www.modsecurity.org/projects/commercial/support/





--
Thanks,

 Tozo