I am using mod_sec with mlogc to get my Auditlog pushed to WAF-FLE. In addition I need to have
a basic summary of the alerts sent to our central syslog server. For this purpose I've written a perl
script and configured it as SecAuditLog2. It basically does the same as mlogc. It receives the AuditLog
request, opens the audit file, grabs the needed information and logs it via syslog to our syslog server.
This works find and as expected, but the question is, does SecAuditLog and/or SecAuditLog2 have
any impact on the webserver performance or is it triggered totally independently? Otherwise I
need to rethink this and maybe write the syslog-thingy in C to have lower overhead.
I am totally aware, that the overall webserver performace might be different, as there are more
processes/threads that it needs to work on, I am really just interested in the performance of the
webserver requests and responses. In other words, will the request/response to/from the apache
webserver take any longer if I enable SecAuditLog/SecAuditLog2?