Re: [mod-security-users] mlogc semaphore issue
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mlogc semaphore issue
|
From: Klaubert H. da S. <kla...@gm...> - 2014-01-22 14:05:19
|
Craig, I have all this issues in past with mlogc too, because I had build mlog2waffle (as a companion to WAF-FLE), but it should work with Audit Console too, as it follow the same protocol used by mlogc. You can get the last version on https://github.com/klaubert/waf-fle/tree/0.7.0-devel/extra/mlog2waffle. I hope that this can help you. Best regards, Klaubert Herr The WAF-FLE Project http://waf-fle.org On Wed, Jan 22, 2014 at 11:10 AM, Craig Lawson <cra...@se...>wrote: > Hi All, > > > > Has anyone else experienced issues with mlogc and semaphore exhaustion in > apache? > > > > Our current setup is we send logs every 10 mins via cron to AuditConsole > using the mlogc-batch-load.pl script because we have experienced CPU > issues with mlogc when used in the traditional manner of piping the logs in > SecAuditLog in the past. > > > > We have also had issues with mlogc processes staying open (using the perl > script method) unnecessarily so we started run a “pkill -9 mlogc” command > to kill mlogc processes before the next instance started... We are now > going through testing to send logs via alternative methods such as > syslog-ng, or jwall-tools. > > > > Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in > reverse proxy mode. > > > > [Extracted from error_log] > > > > ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. > > ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" > > ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" > > ModSecurity: LUA compiled version="Lua 5.1" > > ModSecurity: LIBXML compiled version="2.7.6" > > > > #httpd -V > > > > Server version: Apache/2.2.15 (Unix) > > Server built: Aug 13 2013 17:29:28 > > Server's Module Magic Number: 20051115:25 > > Server loaded: APR 1.3.9, APR-Util 1.3.9 > > Compiled using: APR 1.3.9, APR-Util 1.3.9 > > Architecture: 64-bit > > Server MPM: Prefork > > threaded: no > > forked: yes (variable process count) > > Server compiled with.... > > -D APACHE_MPM_DIR="server/mpm/prefork" > > -D APR_HAS_SENDFILE > > -D APR_HAS_MMAP > > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > > -D APR_USE_SYSVSEM_SERIALIZE > > -D APR_USE_PTHREAD_SERIALIZE > > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > > -D APR_HAS_OTHER_CHILD > > -D AP_HAVE_RELIABLE_PIPED_LOGS > > -D DYNAMIC_MODULE_LIMIT=128 > > -D HTTPD_ROOT="/etc/httpd" > > -D SUEXEC_BIN="/usr/sbin/suexec" > > -D DEFAULT_PIDLOG="run/httpd.pid" > > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > > -D DEFAULT_LOCKFILE="logs/accept.lock" > > -D DEFAULT_ERRORLOG="logs/error_log" > > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > > -D SERVER_CONFIG_FILE="conf/httpd.conf" > > > > Is there any help/guidance anyone can provide in working around the log > transportation issue? What is everyone using if you also work with > AuditConsole? > > > > Many Thanks, > > > > Craig > > > > ------------------------------ > > NOTICE AND DISCLAIMER > This e-mail (including any attachments) is intended for the above-named > person(s). If you are not the intended recipient, notify the sender > immediately, delete this email from your system and do not disclose or use > for any purpose. We may monitor all incoming and outgoing emails in line > with current legislation. We have taken steps to ensure that this email and > attachments are free from any virus, but it remains your responsibility to > ensure that viruses do not adversely affect you > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |
