Re: [mod-security-users] mlogc semaphore issue
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mlogc semaphore issue
|
From: Craig L. <cra...@se...> - 2014-01-23 12:07:32
|
Thanks Klaubert, Is it possible to use https? Currently receiving a lot of these errors, works fine over http: Error in HTTP connection: 500 Can't connect to ***.***.***.***:8443 (certificate verify failed) Is there a way to turn off the certificate verification for a self-cert during testing? Craig From: Klaubert Herr da Silveira [mailto:kla...@gm...] Sent: 22 January 2014 14:05 To: mod...@li... Subject: Re: [mod-security-users] mlogc semaphore issue Craig, I have all this issues in past with mlogc too, because I had build mlog2waffle (as a companion to WAF-FLE), but it should work with Audit Console too, as it follow the same protocol used by mlogc. You can get the last version on https://github.com/klaubert/waf-fle/tree/0.7.0-devel/extra/mlog2waffle. I hope that this can help you. Best regards, Klaubert Herr The WAF-FLE Project http://waf-fle.org On Wed, Jan 22, 2014 at 11:10 AM, Craig Lawson <cra...@se...<mailto:cra...@se...>> wrote: Hi All, Has anyone else experienced issues with mlogc and semaphore exhaustion in apache? Our current setup is we send logs every 10 mins via cron to AuditConsole using the mlogc-batch-load.pl<http://mlogc-batch-load.pl> script because we have experienced CPU issues with mlogc when used in the traditional manner of piping the logs in SecAuditLog in the past. We have also had issues with mlogc processes staying open (using the perl script method) unnecessarily so we started run a "pkill -9 mlogc" command to kill mlogc processes before the next instance started... We are now going through testing to send logs via alternative methods such as syslog-ng, or jwall-tools. Our typical setup is as follows: Centos 6.4 x64, we use modsecurity in reverse proxy mode. [Extracted from error_log] ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured. ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9" ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05" ModSecurity: LUA compiled version="Lua 5.1" ModSecurity: LIBXML compiled version="2.7.6" #httpd -V Server version: Apache/2.2.15 (Unix) Server built: Aug 13 2013 17:29:28 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Is there any help/guidance anyone can provide in working around the log transportation issue? What is everyone using if you also work with AuditConsole? Many Thanks, Craig ________________________________ NOTICE AND DISCLAIMER This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ NOTICE AND DISCLAIMER This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you |
