Re: [mod-security-users] Question - ModSec Console
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <Bri...@br...> - 2009-04-22 18:09:11
|
Christian Bockermann wrote: > Werner Detter wrote: >> Here's /etc/mlogc.conf >> ---------------------- >> CollectorRoot "/var/log/mlogc" >> ConsoleURI "https://192.168.0.62:8888" >> SensorUsername "sensor_n2" >> SensorPassword "xxxxxxxxx" >> LogStorageDir "/var/log/mlogc/data" >> TransactionLog "mlogc-transaction.log" >> QueuePath "mlogc-queue.log" >> ErrorLog "mlogc-error.log" >> LockFile "mlogc.lck" >> KeepEntries 0 >> ErrorLogLevel 5 >> MaxConnections 10 >> TransactionDelay 50 >> StartupDelay 1000 >> CheckpointInterval 15 >> ServerErrorTimeout 60 >> > [...] >> BUT - these files are not sent from mlogc to the console. The TCP/IP-Layer >> is fine, i'm able to telnet the modconsole-System without problems on port >> 8888 .... >> > If you can telnet to port 8888 without problems - what did you type into > your telnet session? > Did you try manual HTTP? > > If so, it seems to me that your console is speaking PLAIN HTTP on port > 8888, but you configured mlogc to use SECURE HTTPS. > Try to change the ConsoleURI in mlogc.conf to > "http://192.168.0.62:8888/rpc/auditLogReceiver" > > (BTW: Your ConsoleURI is also missing the "/rpc/auditLogReceiver" part). > > For more hints it would help if you send your mlogc-error.log (by > private mail). I agree w/Chris that it looks like the URI is wrong. Please send me the error log as well if you are still having troubles. -B -- Brian Rectanus Breach Security |