|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-06-16 17:23:21
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-242.
--------------------------------------
Resolution: Incomplete
Closing this as it is old and we don't have a confirmation if the problem is into latest modsecurity version
> mlogc skips some entries
> ------------------------
>
> Key: MODSEC-242
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-242
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Affects Versions: 2.5.13
> Environment: Linux
> Reporter: Jonathan Marcil
> Assignee: Breno Silva Pinto
>
> I'm using mlogc-batch-load.pl and I'm not sure if this bug is mlogc, modsecurity or the perl script.
> In my mlogc-error.log I get this error :
> [Thu Apr 28 17:15:05 2011] [2] [587/80d6890] Invalid entry (failed to match regex): host 123.123.123.123 - - [21/Apr/2011:08:48:38 --0400] \"GET /\" - - \"-\" \"-\" TbAnpgoUAN4AAB0HXxcAAAAk \"-\" /20110421/20110421-0848/20110421-084838-TbAnpgoUAN4AAB0HXxcAAAAk 0 302 md5:14a030fec980272ed579d34c1fc330fb
> And if if check the content of the file I have :
> --4d3b0120-A--[21/Apr/2011:06:37:27 --0400] TbAI5woUAN4AAB-X8X0AAAAh 123.123.123.123 53503 123.123.123.124 443 --4d3b0120-B-- GET / --4d3b0120-F-- --4d3b0120-H-- Stopwatch: 1303382247803705 349 (- - -) Producer: ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/). Server: Apache --4d3b0120-Z--
> Notice that the F part is empty and the B part only contains "GET /".
> Current workaround : In mlogc-batch-load.pl I just change the default response_status to "400" and bytes_sent to "0" instead of "-" (around line 69).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
