Re: [mod-security-users] mod_security - alert mail
From: Ed G. <ED...@ha...> - 2018-01-12 14:47:51
What I did:

I use mlogc to send my logs to a database table. I wrote a script that reads the database table, consults a whitelist, and anything not on the list is reported by hourly email. There is a "high water mark" that keeps me from reporting the same things over and over again.

Best,
Ed

On Thu, 2018-01-11 at 18:05 +0100, Christian Folini wrote:
> Hey Edouard,
>
> On Thu, Jan 11, 2018 at 01:13:51PM -0300, Edouard Guigné wrote:
> > I suppose users often ask for this: is there a way to configure
> > mod_security to get alert emails when some rules are activated?
> > And to configure which activated rules are allowed to send email
> > alerts? (I do not want every activated rule to send an alert by email.)
>
> There are various options and you need to build this yourself.
>
> Personally, I think detection / blocking and alerting should be
> separated. But there is nothing stopping you from using the exec
> action in phase 5 to trigger an email.
>
> But think about the number of emails you get when somebody runs
> a vulnerability scan on your site.
>
> I think it is smarter to sit on the logs and scan them for alerts,
> add some intelligence and then do the alarming. That way you can
> make sure that there is at most a message every 5 minutes or stuff
> like that. It's hard to get that right from within ModSec.
>
> Just my 2 cents.
>
> Ahoj,
>
> Christian
>
> > Best regards,
> > EG

-- 
Ed Greenberg | Web Developer and Linux System Administrator
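Added example, not part of the thread and not Ed's script: a sketch of the database-polling approach described above (whitelist, high-water mark, digest mail), which also collapses repeated hits so that a scan yields one line rather than hundreds. The `alerts` and `report_state` tables, the rule ids and the addresses are constructed assumptions; an in-memory SQLite database stands in for the table the logs are shipped to.

```python
import sqlite3
from collections import Counter
from email.message import EmailMessage

WHITELIST = {"10002"}  # constructed rule id treated as known noise

def demo_db():
    """In-memory stand-in for the table the log shipper fills (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE alerts (id INTEGER PRIMARY KEY, rule_id TEXT,
                             client_ip TEXT, msg TEXT);
        CREATE TABLE report_state (high_water INTEGER NOT NULL);
        INSERT INTO report_state VALUES (0);
    """)
    return db

def add_alerts(db, rows):
    db.executemany(
        "INSERT INTO alerts (rule_id, client_ip, msg) VALUES (?, ?, ?)", rows)

def build_digest(db, whitelist=WHITELIST, max_lines=20):
    """Return an EmailMessage for alerts above the high-water mark, or None."""
    (mark,) = db.execute("SELECT high_water FROM report_state").fetchone()
    rows = db.execute(
        "SELECT id, rule_id, client_ip, msg FROM alerts WHERE id > ? ORDER BY id",
        (mark,)).fetchall()
    if not rows:
        return None
    # Advance the mark past every row read, whitelisted or not, so that
    # nothing is reported twice on the next run.
    db.execute("UPDATE report_state SET high_water = ?", (rows[-1][0],))
    db.commit()
    # Collapse repeats: a scan producing hundreds of hits becomes one line.
    hits = Counter((r[1], r[2], r[3]) for r in rows if r[1] not in whitelist)
    if not hits:
        return None
    body = [f"{n}x rule {rule} from {ip}: {msg}"
            for (rule, ip, msg), n in hits.most_common(max_lines)]
    if len(hits) > max_lines:
        body.append(f"... and {len(hits) - max_lines} more distinct alerts")
    mail = EmailMessage()
    mail["Subject"] = f"ModSecurity digest: {sum(hits.values())} alerts"
    mail.set_content("\n".join(body))
    return mail  # pass to smtplib's send_message() from an hourly cron job

if __name__ == "__main__":
    db = demo_db()
    add_alerts(db, [("10001", "203.0.113.7", "constructed: SQLi pattern")] * 3
                   + [("10002", "198.51.100.4", "constructed: noisy rule")])
    print(build_digest(db))
```

Running it from cron at a fixed interval bounds the mail rate regardless of how many rules fire in between.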