On Sat, Jun 30, 2012 at 1:10 PM, Quinn Comendant <quinn@strangecode.com> wrote:
On Thu, 28 Jun 2012 19:56:33 +0200, Reindl Harald wrote:
> do you really think it is wise to do so?
> have fun debugging troubles without logs what happended

This is for a production server which hasn't had "troubles" for years. We can keep logging enabled on a dev server to ensure the app passes unit tests with the rules, but for our production server we don't want the overhead of logging.

So it's not possible?

Hi Quinn,

I recommend you upgrade to the latest version of the CRS, besides for fixing several security bypasses, it uses the block action which inherits the SecDefaultAction setting allowing you to setup logging as you wish globally. Otherwise, it is not possible unless you edit the action list within your current ruleset.

 - Josh

Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: