Re: [mod-security-users] Anonymize Logs
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iva...@gm...> - 2009-02-26 13:43:40
|
You would need to insert your tool between ModSecurity (Apache) and mlogc: 1. ModSecurity would talk to your program instead of mlogc. 2. Your program would start mlogc on startup and open a pipe to it. 3. Your program would receive notifications and sanitise audit log files. 4. Your program would sent notifications to mlogc. On Thu, Feb 26, 2009 at 10:00 AM, Heiko <dur...@go...> wrote: > supposed i had such a parser script. how and where could i "inject" it > into the modsecurity-autitlog-process? could i anyhow anynonymize the > auditlog before mlogc is notified about the new file? > > heiko > > 2009/2/26 Ivan Ristic <iva...@gm...>: >> ModSecurity uses piped logging only to notify mlogc that a new file is >> available; it otherwise writes data directly to the file. >> >> The easiest solution for you may be to simply patch ModSecurity itself >> to not record IP addresses. Any other approach may require you to have >> a parser for the audit log format, which is non-trivial. >> > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Appliances, Rule Sets and Support: > http://www.modsecurity.org/breach/index.html > -- Ivan Ristic |