Hi Central4all,
I am assuming that you are talking about the audit logs; in that case, the JSON logging is the easiest option to parse/read.
Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com
From: central4all <cen...@gm...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Monday, October 23, 2017 at 6:26 AM
To: "mod...@li..." <mod...@li...>
Subject: Re: [mod-security-users] Logs and what to do with them
I really thank you but it looks really hard,
is there a paid service for this?
On Mon, Oct 23, 2017 at 12:17 PM, Christian Folini <chr...@ne...> wrote:
Hi central4all,
We've all been there. Getting started with these logs can be very painful.
I suggest you look up the tutorials at netnea.com. There is a log about
logfile handling for ModSecurity in those tutorials and it really
pays to work through them.
Cheers,
Christian
On Mon, Oct 23, 2017 at 12:06:37PM +0300, central4all wrote:
> I have many logs that look not good,
> but I can't find a guide what to do with them.
> http://prntscr.com/h0twdj
> Please advise
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
--
ModSecurity courses Oct 2017 in London and Zurich
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini