Thread: [mod-security-users] mlogc semaphore issue
Brought to you by:
victorhora,
zimmerletw
From: Craig L. <cra...@se...> - 2014-01-22 13:23:50
|
Hi All, Has anyone else experienced issues with mlogc and semaphore exhaustion in apache? Our current setup is we send logs every 10 mins via cron to AuditConsole using the mlogc-batch-load.pl script because we have experienced CPU issues with mlogc when used in the traditional manner of piping the logs in SecAuditLog in the past. We have also had issues with mlogc processes staying open (using the perl script method) unnecessarily so we started run a "pkill -9 mlogc" command to kill mlogc processes before the next instance started... We are now going through testing to send logs via alternative methods such as syslog-ng, or jwall-tools. Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in reverse proxy mode. [Extracted from error_log] ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" ModSecurity: LUA compiled version="Lua 5.1" ModSecurity: LIBXML compiled version="2.7.6" #httpd -V Server version: Apache/2.2.15 (Unix) Server built: Aug 13 2013 17:29:28 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Is there any help/guidance anyone can provide in working around the log transportation issue? What is everyone using if you also work with AuditConsole? Many Thanks, Craig ________________________________ NOTICE AND DISCLAIMER This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you |
From: <chr...@go...> - 2015-11-12 08:27:41
|
Hi all, we have a RHEL 6.6 with apache httpd + modsecurity + mlogc. In our environment the number of semaphores is increasing as well. I made the following observation. Extract from modsecurity main.conf: SecAuditLog "|/opt/modsecurity/bin/mlogc /opt/modsecurity/etc/mlogc.conf" On graceful restarts of the httpd the number of semaphores usually doesn't increase. Extract from mlogc-error.log when a graceful restart of the httpd is done: [Wed Nov 11 10:55:42 2015] [3] [32634/0] Configuring ModSecurity Audit Log Collector 2.9.0. [Wed Nov 11 10:55:42 2015] [3] [32634/0] Delaying execution for 5000ms. [Wed Nov 11 10:55:42 2015] [3] [24270/0] Caught SIGTERM, shutting down. [Wed Nov 11 10:55:42 2015] [3] [24270/2605340] Running final transaction checkpoint. [Wed Nov 11 10:55:42 2015] [3] [24270/0] ModSecurity Audit Log Collector 2.9.0 terminating normally. [Wed Nov 11 10:55:42 2015] [3] [32635/0] Configuring ModSecurity Audit Log Collector 2.9.0. [Wed Nov 11 10:55:42 2015] [3] [32635/0] Delaying execution for 5000ms. [Wed Nov 11 10:55:47 2015] [3] [32634/0] Caught SIGTERM, shutting down. [Wed Nov 11 10:55:47 2015] [3] [32634/0] ModSecurity Audit Log Collector 2.9.0 terminating normally. The mlogc process receives a SIGTERM and enters a "delay modus", a new mlogc process is created and after 5 seconds the old mlogc process disappears. This can be seen with the ps command very well. But, if you do a seconds graceful restart while the old mlogc process is still in the "delay modus", then a left over semaphore will be the result. It seams like mlogc doens't handle a second SIGTERM very well. On SLES 10 (glibc-2.4-31.119.2, 32bit) mlogc is running without any problems. It seams to be a problem in the combination of RHEL 6.6 (glibc 2.12) + mlogc. Best, Christian ____________________________________________________________________________________________________ Gesellschaft: Gothaer Systems GmbH Sitz: Gothaer Allee 1, 50969 Köln (Hausanschrift) Aufsichtsrat: Dr. Mathias Bühring-Uhle (Vorsitzender) Geschäftsführung: Dr. Hans Volkmar Weckesser (Vorsitzender), Hans Berg Rechtsform: Gesellschaft mit beschränkter Haftung Registergericht: Amtsgericht Köln, HRB 25642 USt.-IdNr. DE811850000 |
From: Klaubert H. da S. <kla...@gm...> - 2014-01-22 14:05:19
|
Craig, I have all this issues in past with mlogc too, because I had build mlog2waffle (as a companion to WAF-FLE), but it should work with Audit Console too, as it follow the same protocol used by mlogc. You can get the last version on https://github.com/klaubert/waf-fle/tree/0.7.0-devel/extra/mlog2waffle. I hope that this can help you. Best regards, Klaubert Herr The WAF-FLE Project http://waf-fle.org On Wed, Jan 22, 2014 at 11:10 AM, Craig Lawson <cra...@se...>wrote: > Hi All, > > > > Has anyone else experienced issues with mlogc and semaphore exhaustion in > apache? > > > > Our current setup is we send logs every 10 mins via cron to AuditConsole > using the mlogc-batch-load.pl script because we have experienced CPU > issues with mlogc when used in the traditional manner of piping the logs in > SecAuditLog in the past. > > > > We have also had issues with mlogc processes staying open (using the perl > script method) unnecessarily so we started run a “pkill -9 mlogc” command > to kill mlogc processes before the next instance started... We are now > going through testing to send logs via alternative methods such as > syslog-ng, or jwall-tools. > > > > Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in > reverse proxy mode. > > > > [Extracted from error_log] > > > > ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. > > ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" > > ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" > > ModSecurity: LUA compiled version="Lua 5.1" > > ModSecurity: LIBXML compiled version="2.7.6" > > > > #httpd -V > > > > Server version: Apache/2.2.15 (Unix) > > Server built: Aug 13 2013 17:29:28 > > Server's Module Magic Number: 20051115:25 > > Server loaded: APR 1.3.9, APR-Util 1.3.9 > > Compiled using: APR 1.3.9, APR-Util 1.3.9 > > Architecture: 64-bit > > Server MPM: Prefork > > threaded: no > > forked: yes (variable process count) > > Server compiled with.... > > -D APACHE_MPM_DIR="server/mpm/prefork" > > -D APR_HAS_SENDFILE > > -D APR_HAS_MMAP > > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > > -D APR_USE_SYSVSEM_SERIALIZE > > -D APR_USE_PTHREAD_SERIALIZE > > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > > -D APR_HAS_OTHER_CHILD > > -D AP_HAVE_RELIABLE_PIPED_LOGS > > -D DYNAMIC_MODULE_LIMIT=128 > > -D HTTPD_ROOT="/etc/httpd" > > -D SUEXEC_BIN="/usr/sbin/suexec" > > -D DEFAULT_PIDLOG="run/httpd.pid" > > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > > -D DEFAULT_LOCKFILE="logs/accept.lock" > > -D DEFAULT_ERRORLOG="logs/error_log" > > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > > -D SERVER_CONFIG_FILE="conf/httpd.conf" > > > > Is there any help/guidance anyone can provide in working around the log > transportation issue? What is everyone using if you also work with > AuditConsole? > > > > Many Thanks, > > > > Craig > > > > ------------------------------ > > NOTICE AND DISCLAIMER > This e-mail (including any attachments) is intended for the above-named > person(s). If you are not the intended recipient, notify the sender > immediately, delete this email from your system and do not disclose or use > for any purpose. We may monitor all incoming and outgoing emails in line > with current legislation. We have taken steps to ensure that this email and > attachments are free from any virus, but it remains your responsibility to > ensure that viruses do not adversely affect you > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |
From: Craig L. <cra...@se...> - 2014-01-23 12:07:32
|
Thanks Klaubert, Is it possible to use https? Currently receiving a lot of these errors, works fine over http: Error in HTTP connection: 500 Can't connect to ***.***.***.***:8443 (certificate verify failed) Is there a way to turn off the certificate verification for a self-cert during testing? Craig From: Klaubert Herr da Silveira [mailto:kla...@gm...] Sent: 22 January 2014 14:05 To: mod...@li... Subject: Re: [mod-security-users] mlogc semaphore issue Craig, I have all this issues in past with mlogc too, because I had build mlog2waffle (as a companion to WAF-FLE), but it should work with Audit Console too, as it follow the same protocol used by mlogc. You can get the last version on https://github.com/klaubert/waf-fle/tree/0.7.0-devel/extra/mlog2waffle. I hope that this can help you. Best regards, Klaubert Herr The WAF-FLE Project http://waf-fle.org On Wed, Jan 22, 2014 at 11:10 AM, Craig Lawson <cra...@se...<mailto:cra...@se...>> wrote: Hi All, Has anyone else experienced issues with mlogc and semaphore exhaustion in apache? Our current setup is we send logs every 10 mins via cron to AuditConsole using the mlogc-batch-load.pl<http://mlogc-batch-load.pl> script because we have experienced CPU issues with mlogc when used in the traditional manner of piping the logs in SecAuditLog in the past. We have also had issues with mlogc processes staying open (using the perl script method) unnecessarily so we started run a "pkill -9 mlogc" command to kill mlogc processes before the next instance started... We are now going through testing to send logs via alternative methods such as syslog-ng, or jwall-tools. Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in reverse proxy mode. [Extracted from error_log] ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" ModSecurity: LUA compiled version="Lua 5.1" ModSecurity: LIBXML compiled version="2.7.6" #httpd -V Server version: Apache/2.2.15 (Unix) Server built: Aug 13 2013 17:29:28 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Is there any help/guidance anyone can provide in working around the log transportation issue? What is everyone using if you also work with AuditConsole? Many Thanks, Craig ________________________________ NOTICE AND DISCLAIMER This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ NOTICE AND DISCLAIMER This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you |
From: Klaubert H. da S. <kla...@gm...> - 2014-01-27 18:34:32
|
Craig, I just push to github a new version of mlog2waffle to make cert validation optional, get it in https://github.com/klaubert/waf-fle/tree/0.7.0-devel/extra/mlog2waffle and check $CHECK_CERT directive in mlog2waffle.conf. Best regards, Klaubert On Thu, Jan 23, 2014 at 10:07 AM, Craig Lawson <cra...@se...>wrote: > Thanks Klaubert, > > > > Is it possible to use https? Currently receiving a lot of these errors, > works fine over http: > > > > Error in HTTP connection: 500 Can't connect to ***.***.***.***:8443 > (certificate verify failed) > > > > Is there a way to turn off the certificate verification for a self-cert > during testing? > > > > Craig > > > > > > *From:* Klaubert Herr da Silveira [mailto:kla...@gm...] > *Sent:* 22 January 2014 14:05 > *To:* mod...@li... > *Subject:* Re: [mod-security-users] mlogc semaphore issue > > > > Craig, > > > > I have all this issues in past with mlogc too, because I had build > mlog2waffle (as a companion to WAF-FLE), but it should work with Audit > Console too, as it follow the same protocol used by mlogc. You can get the > last version on > https://github.com/klaubert/waf-fle/tree/0.7.0-devel/extra/mlog2waffle. > > > > I hope that this can help you. > > > > Best regards, > > > > Klaubert Herr > > The WAF-FLE Project > > http://waf-fle.org > > > > On Wed, Jan 22, 2014 at 11:10 AM, Craig Lawson <cra...@se...> > wrote: > > Hi All, > > > > Has anyone else experienced issues with mlogc and semaphore exhaustion in > apache? > > > > Our current setup is we send logs every 10 mins via cron to AuditConsole > using the mlogc-batch-load.pl script because we have experienced CPU > issues with mlogc when used in the traditional manner of piping the logs in > SecAuditLog in the past. > > > > We have also had issues with mlogc processes staying open (using the perl > script method) unnecessarily so we started run a “pkill -9 mlogc” command > to kill mlogc processes before the next instance started... We are now > going through testing to send logs via alternative methods such as > syslog-ng, or jwall-tools. > > > > Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in > reverse proxy mode. > > > > [Extracted from error_log] > > > > ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. > > ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" > > ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" > > ModSecurity: LUA compiled version="Lua 5.1" > > ModSecurity: LIBXML compiled version="2.7.6" > > > > #httpd -V > > > > Server version: Apache/2.2.15 (Unix) > > Server built: Aug 13 2013 17:29:28 > > Server's Module Magic Number: 20051115:25 > > Server loaded: APR 1.3.9, APR-Util 1.3.9 > > Compiled using: APR 1.3.9, APR-Util 1.3.9 > > Architecture: 64-bit > > Server MPM: Prefork > > threaded: no > > forked: yes (variable process count) > > Server compiled with.... > > -D APACHE_MPM_DIR="server/mpm/prefork" > > -D APR_HAS_SENDFILE > > -D APR_HAS_MMAP > > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > > -D APR_USE_SYSVSEM_SERIALIZE > > -D APR_USE_PTHREAD_SERIALIZE > > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > > -D APR_HAS_OTHER_CHILD > > -D AP_HAVE_RELIABLE_PIPED_LOGS > > -D DYNAMIC_MODULE_LIMIT=128 > > -D HTTPD_ROOT="/etc/httpd" > > -D SUEXEC_BIN="/usr/sbin/suexec" > > -D DEFAULT_PIDLOG="run/httpd.pid" > > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > > -D DEFAULT_LOCKFILE="logs/accept.lock" > > -D DEFAULT_ERRORLOG="logs/error_log" > > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > > -D SERVER_CONFIG_FILE="conf/httpd.conf" > > > > Is there any help/guidance anyone can provide in working around the log > transportation issue? What is everyone using if you also work with > AuditConsole? > > > > Many Thanks, > > > > Craig > > > > > ------------------------------ > > > NOTICE AND DISCLAIMER > This e-mail (including any attachments) is intended for the above-named > person(s). If you are not the intended recipient, notify the sender > immediately, delete this email from your system and do not disclose or use > for any purpose. We may monitor all incoming and outgoing emails in line > with current legislation. We have taken steps to ensure that this email and > attachments are free from any virus, but it remains your responsibility to > ensure that viruses do not adversely affect you > > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > ------------------------------ > > NOTICE AND DISCLAIMER > This e-mail (including any attachments) is intended for the above-named > person(s). If you are not the intended recipient, notify the sender > immediately, delete this email from your system and do not disclose or use > for any purpose. We may monitor all incoming and outgoing emails in line > with current legislation. We have taken steps to ensure that this email and > attachments are free from any virus, but it remains your responsibility to > ensure that viruses do not adversely affect you > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |
From: Christian B. <ch...@jw...> - 2014-01-23 13:11:04
|
Hi Craig, one other option you can try is to use the jwall-tools from jwall.org. There exists a Java-based 'mlogc' command, which allows your to start an mlgoc-process outside of the Apache environment. You can simply use rotatelogs, to write out the SecAuditLog and start the external mlogc to consume that file: In Apache: SecAuditLog "|rotatelogs /var/log/mlogc/index.log 3600" this will write out the index log to files like /var/log/mlogc/index.log.TIMESTAMP and create new logs every hour. Next, you start the jwall-tools' mlogc command: # jwall mlogc /path/to/mlogc.conf /var/log/mlogc/index.log You can re-use your original 'mlogc.conf' configuration file. The jwall-tools' mlogc command will consume the /var/log/mlogc/index.log.TIMESTAMP files and delete them after it successfully uploaded the events that are referenced in there. Best regards, Chris Am 22.01.2014 um 14:10 schrieb Craig Lawson <cra...@se...>: > Hi All, > > Has anyone else experienced issues with mlogc and semaphore exhaustion in apache? > > Our current setup is we send logs every 10 mins via cron to AuditConsole using the mlogc-batch-load.pl script because we have experienced CPU issues with mlogc when used in the traditional manner of piping the logs in SecAuditLog in the past. > > We have also had issues with mlogc processes staying open (using the perl script method) unnecessarily so we started run a “pkill -9 mlogc” command to kill mlogc processes before the next instance started... We are now going through testing to send logs via alternative methods such as syslog-ng, or jwall-tools. > > Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in reverse proxy mode. > > [Extracted from error_log] > > ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. > ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" > ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" > ModSecurity: LUA compiled version="Lua 5.1" > ModSecurity: LIBXML compiled version="2.7.6" > > #httpd -V > > Server version: Apache/2.2.15 (Unix) > Server built: Aug 13 2013 17:29:28 > Server's Module Magic Number: 20051115:25 > Server loaded: APR 1.3.9, APR-Util 1.3.9 > Compiled using: APR 1.3.9, APR-Util 1.3.9 > Architecture: 64-bit > Server MPM: Prefork > threaded: no > forked: yes (variable process count) > Server compiled with.... > -D APACHE_MPM_DIR="server/mpm/prefork" > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > -D APR_USE_SYSVSEM_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=128 > -D HTTPD_ROOT="/etc/httpd" > -D SUEXEC_BIN="/usr/sbin/suexec" > -D DEFAULT_PIDLOG="run/httpd.pid" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_LOCKFILE="logs/accept.lock" > -D DEFAULT_ERRORLOG="logs/error_log" > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > -D SERVER_CONFIG_FILE="conf/httpd.conf" > > Is there any help/guidance anyone can provide in working around the log transportation issue? What is everyone using if you also work with AuditConsole? > > Many Thanks, > > Craig > > > > NOTICE AND DISCLAIMER > This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk_______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |