From: Dietrich Streifert <dietrich.streifert@go...> - 2013-11-15 12:20:21
I've recently changed to SecAuditLogType Concurrent for performance
reasons and added additional logging via SecAuditLog2
This works, but I'm now missing the ability to simply follow the full
transaction information in the log file as with the serial log type.
I was used to type
tail -f /var/log/httpd/modsec_audit.log
which of course still works, but only contains the references to the
Is there any possibility (besides installing large software packages
like AuditConsole) which would allow me to follow the log, including the
informations given in the transactional files? This would be the data
contained in the audit log parts like audit log trailer etc.
Something that works using a ssh connection on the console.
Any hints would be great!