Re: [mod-security-users] anomaly scoring logging
From: Avi R. <av...@gr...> - 2013-05-27 15:05:43
Hi,

I enabled the K section and it's quite detailed, however it doesn't mention the parameter that triggered each matching rule. While the H section indicates things like TX:950109-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-ARGS:sqlQuery, the K section will show %{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"

Avi

On 2013-05-23, at 6:47 PM, Christian Folini <chr...@ti...> wrote:

> Hi Avi,
>
> Did you try the "K"-part of the audit-log?
>
> Christian
>
> On Thu, May 23, 2013 at 05:47:51PM +0300, Avi Rosenblatt wrote:
>> Hi,
>> I'm currently using anomaly scoring with owasp 2.2.6 (modsec 2.7.3) and I want the detailed audit log to contain all rules that the request hit. Right now the log only shows the rule that caused the 403 and none of the others that contributed to the score. Can anyone help with the config?
>>
>> Thanx
>> Avi

Avi Rosenblatt
IT Manager
Green Smoke, Inc. USA
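An added example, not part of the thread and not ModSecurity or CRS code: it splits one serial audit log entry into its lettered parts, pulls rule id, CRS category and matched variable out of part H TX names of the form quoted above, and lists the macros that part K leaves unexpanded. The sample entry, its boundary string and the function names are constructed for illustration.

```python
import re

# Constructed sample entry in the ModSecurity 2.x serial audit log layout.
# Boundary, addresses and message wording are invented; only the TX name and
# the setvar macro string are the ones quoted in the thread.
SAMPLE = """\
--a1b2c3d4-A--
[27/May/2013:15:05:43 +0000] constructed-unique-id 192.0.2.10 51234 192.0.2.20 80
--a1b2c3d4-H--
Message: Warning. Pattern match "..." at ARGS:sqlQuery. [id "950109"]
Message: Warning. Pattern match "..." at TX:950109-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-ARGS:sqlQuery.
--a1b2c3d4-K--
SecRule ARGS "..." "setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"
--a1b2c3d4-Z--
"""

BOUNDARY = re.compile(r"(?m)^--[0-9a-f]{8}-([A-Z])--\n")
# TX:<rule id>-OWASP_CRS/<category>-<collection[:name]>
# Assumption: parameter names consist of word characters and hyphens only.
TX_NAME = re.compile(r"TX:(\d+)-OWASP_CRS/([A-Z_/]+)-([A-Z_]+(?::[\w-]+)?)")
MACRO = re.compile(r"%\{([^}]+)\}")


def split_parts(entry):
    """Return {part letter: text} for one audit log entry."""
    chunks = BOUNDARY.split(entry)
    # chunks = [preamble, 'A', textA, 'H', textH, ...]
    return dict(zip(chunks[1::2], chunks[2::2]))


def tx_hits(part_h):
    """Unique (rule_id, category, variable) tuples named by TX variables in part H."""
    seen = []
    for hit in TX_NAME.findall(part_h):
        if hit not in seen:
            seen.append(hit)
    return seen


def unexpanded_macros(part_k):
    """Macro names that part K still shows as %{...} templates."""
    return sorted(set(MACRO.findall(part_k)))


if __name__ == "__main__":
    parts = split_parts(SAMPLE)
    for rule_id, category, variable in tx_hits(parts.get("H", "")):
        print(f"rule {rule_id} [{category}] matched {variable}")
    print("part K macros left unexpanded:", unexpanded_macros(parts.get("K", "")))
```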