I am using mod_sec with mlogc to get my Auditlog pushed to WAF-FLE. In addition I need to have

a basic summary of the alerts sent to our central syslog server. For this purpose I've written a perl

script and configured it as SecAuditLog2. It basically does the same as mlogc. It receives the AuditLog

request, opens the audit file, grabs the needed information and logs it via syslog to our syslog server.

This works find and as expected, but the question is, does SecAuditLog and/or SecAuditLog2 have

any impact on the webserver performance or is it triggered totally independently? Otherwise I

need to rethink this and maybe write the syslog-thingy in C to have lower overhead.


I am totally aware, that the overall webserver performace might be different, as there are more

processes/threads that it needs to work on, I am really just interested in the performance of the

webserver requests and responses. In other words, will the request/response to/from the apache

webserver take any longer if I enable SecAuditLog/SecAuditLog2?