Re: [mod-security-users] Defining Additional Log Files?
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <rya...@br...> - 2010-01-25 14:28:27
|
On Friday 22 January 2010 02:22:37 pm Ken S. wrote: > I was wondering if there is a way to assign an additional log file for > when a specific rule matches. For instance, I need to start capturing > all POST data, but want it to go to it's own log file and not to the > audit_log or Apache error_log. > > I think this custom rule would log the data: > SecRule REQUEST_METHOD "^POST$" "phase:2,t:none,noauditlog,log,allow" > > but was wondering if there was anything like this that would log to > another file: > SecRule REQUEST_METHOD "^POST$" > "phase:2,t:none,noauditlog,log:/usr/local/apache2/logs/modsecurity/post-dat > a.log,allow" > You should be able to do this using the "exec" action - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/modsecurity2-apache- reference.html#N117CC > > An additional question, as I'm looking closer at the SecRule, if I put > this rule in my modsecurity_crs_15_customrules.conf file, will the > "allow" option cause this rule to not be evaluated by any other CRS > rules? Will a request with a POST match this rule, log, and then exit > and move to the next request? If so, how do I get it to log and then > continue on through the rest of the rules? > Use the pass action instead. |