I'm trying to use mod-security (and waf-fle to view logs via web interface).
But modsecurity log to waf-fle all transactions, and logs are too much to be useful.
I've read many posts, I've tried different configurations, with no results.
My conf now is:

SecAuditEngine RelevantOnly

SecAuditLogRelevantStatus "^(?:5|4(?!04))"

SecAuditLogParts ABIDEFGHZ#SecAuditLogParts ABIJDEFHZ

SecDefaultAction "nolog,noauditlog,pass,phase:2"

SecAuditLogType Concurrent

SecAuditLogStorageDir /var/log/apache2/mlogc/data

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"

Into waf-fle I can see all transactions.

My modsecurity version is:

ii  libapache2-modsecurity               2.6.3-1ubuntu0.2                  Tighten web applications security for Apache

I've tried to install 2.7 version from source, with no luck.

Any suggestion will be appreciated.

Daniele Gallarato
Gli animali sono miei amici...e io non mangio i miei amici.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --