On Sat, Jun 30, 2012 at 1:10 PM, Quinn Comendant <firstname.lastname@example.org>
On Thu, 28 Jun 2012 19:56:33 +0200, Reindl Harald wrote:This is for a production server which hasn't had "troubles" for years. We can keep logging enabled on a dev server to ensure the app passes unit tests with the rules, but for our production server we don't want the overhead of logging.
> do you really think it is wise to do so?
> have fun debugging troubles without logs what happended
So it's not possible?
I recommend you upgrade to the latest version of the CRS, besides for fixing several security bypasses, it uses the block action which inherits the SecDefaultAction setting allowing you to setup logging as you wish globally. Otherwise, it is not possible unless you edit the action list within your current ruleset.