Hi

Using 2.1.0 on apache 2.2.4 configured as reversed proxy and logging to modsecurity console
I did a benchmark on the box and accidentally triggered one of the rules.
watching the server-status page all requests were in "L" state (logging) and apache was slow with serving requests.
disabled logging with modsec-auditlog-collector.pl and the benchmark was ok.
looks like the modsec-auditlog-collector.pl performance isn't so great, and in production an attacker can easily DDOS the server by triggering a couple of thousands requests.

any one checked the performance of the logging with over 100/Req per second


Tomer