Re: [mod-security-users] Basic help interpreting concurrent log file format
Brought to you by:
victorhora,
zimmerletw
From: Christian B. <ch...@jw...> - 2007-06-27 16:51:53
|
Hi ! Am 27.06.2007 um 18:43 schrieb Ryan Barnett: > When you switch to Concurrent logging, the index file should only =20 > contain meta-data pointers to the actual log files. The entries =20 > should look similar to this =96 > > www.bankdemo.com 127.0.0.1 - - [07/Mar/2007:10:23:36 --0500] "POST /=20= > Bloan.asp HTTP/1.1" 404 207 "-" "-" xjcud8CoD4QAAESBlSMAAAAB "-" /=20 > 20070307/20070307-1023/20070307-102336-xjcud8CoD4QAAESBlSMAAAAB 0 =20 > 1338 md5:0e4efefe9572c40afade998e3a24afa8 > > If you are seeing data like this in the index file, then you are =20 > still using Serial logging =96 I don't see this happing automagically. To me concurrent logging was =20 simply to spread the events into small files with the index being written by the use of =20 the perl-skript which is provided with the ModSecurity-Console. Please correct me if I am =20 wrong here. Regards, Chris= |