Hello.
I'm trying to use mod-security (and waf-fle to view logs via web interface).
But modsecurity log to waf-fle all transactions, and logs are too much to be useful.
I've read many posts, I've tried different configurations, with no results.
My conf now is:

SecAuditEngine RelevantOnly

SecAuditLogRelevantStatus "^(?:5|4(?!04))"

SecAuditLogParts ABIDEFGHZ#SecAuditLogParts ABIJDEFHZ

SecDefaultAction "nolog,noauditlog,pass,phase:2"

SecAuditLogType Concurrent

SecAuditLogStorageDir /var/log/apache2/mlogc/data

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"


Into waf-fle I can see all transactions.

My modsecurity version is:


ii  libapache2-modsecurity               2.6.3-1ubuntu0.2                  Tighten web applications security for Apache


I've tried to install 2.7 version from source, with no luck.


Any suggestion will be appreciated.


Daniele Gallarato
______________________________________________________
Gli animali sono miei amici...e io non mangio i miei amici.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --