[mod-security-users] Logging configuration Question
Brought to you by:
victorhora,
zimmerletw
From: OSSEC j. <oss...@gm...> - 2009-03-12 17:56:11
|
I want to have different .conf files for my ModSecurity installation and had a few questions regarding the logging. I know there are two different log files, modsec_audit.log and modsec_debug.log. modsec_audit.log contains the full source/html of the page that an attack request came through on and also the attack information. Correct? modsec_debug.log just contains the relevant info of the attack with all the html info, correct? If I wanted to have only a modsec_debug.log be generated from events, would my configuration look like this? *deny,log,status:501* ** If I wanted both a modsec_debug.log and modsec_audit.log to be generated from events, would my configuration looks like this? *deny,log,auditlog,status:501* ** I could always turn off the deny and allow the traffic to pass through as a passive configuration but just wanted to be 100% sure I understand the logging capabilities and configuration. Thank you. ** |