Greetings from Greece. I am a newbie in mod_security 2.x so please bear with me...
I am trying to understand in detail the different audit log parts.
For example in my log file I have:
[29/Dec/2008:23:12:29 +0100] xU3lkMMYTucAAGNDUFwAAAAY 220.127.116.11 2703 18.104.22.168 80
What do all these parts mean ? What are the two IP addresses and what the number between them represent ?
I tried to search for it in the manual but all it says is that the A part is the audit log header and that is mandatory. It also explains the --b1820656-A-- part but not what is inside (at least I could not find it).
Is there any extensive documentation on the log format, what the different parts mean and if we can modify them ?
It is very important for me as some IPs are asking for some weird things from my server.
I thank you all so much for your help
Best regards to all