Re: [mod-security-users] Offline Monitoring Using ModSecurity
Brought to you by:
victorhora,
zimmerletw
From: Suresh P. <sur...@ba...> - 2014-08-04 09:15:38
|
Reindl, For us modsecurity works fine, but to get historical and graphical view of attacks and patterns we use AuditConsole which uses mlogc to get logs from Apache Server. Is there any other modSecurity recommended GUI or parser tool we can use. Regards, Suresh On Mon, Aug 4, 2014 at 2:31 PM, Reindl Harald <h.r...@th...> wrote: > > > Am 04.08.2014 um 10:51 schrieb Suresh Prajapati: > > So what is the other way to avoide the mlogc load on Apache server to > use ModSecurity ? > > As modSecurity is taking lot of CPU and on some Server 100% CPU > utilization. > > what mlogc load are you talking about? > > if you have 100% CPU load the reason is just a wrong config > for production and not that mod_security is running and so > instead disable the WAF start to talk about your config > > frankly i build mod_security without mlogc at all and we have up > to 1300 requests/second on a page driven with our own PHP CMS > protected by mod_security > > > On Mon, Aug 4, 2014 at 2:03 PM, Reindl Harald <h.r...@th...: > > > > > > Am 04.08.2014 um 09:12 schrieb Suresh Prajapati: > > > I want run modsecurity on non Apache server where I can send my > Apache logs and get the alert. > > > Can we get this feature with mod security. > > > > and how does this help even if it would be possible? > > > > anyways, it is not possible because you don't have > > POST/COOKIE/SESSION in any logs > > > > > The idea is to avoid modsecurity load on Web server > > > > the intention of mod_security to *block* requests and > > have an alert that something bad already happened is > > nonsense > > > > it's a *webserver module* writing logs of blocked requests > > > > ------------------------------------------------------------------------------ > Infragistics Professional > Build stunning WinForms apps today! > Reboot your WinForms applications with our WinForms controls. > Build a bridge from your legacy apps to the future. > > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > -- Thanks, Suresh Information Security Analyst sur...@ba... Mobile: +91 8884199479 DISCLAIMER: Information contained and transmitted by this email including any attachment is proprietary to BankBazaar.com and is intended solely for the addressee/s, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If this is a forwarded message, the content and the views expressed in this email may not reflect those of BankBazaar.com. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the named recipient, you are notified that any use, distribution, transmission, printing, copying or dissemination of this information in any way or in any manner is strictly prohibited. |