[mod-security-users] SecAuditLog format different 2.9.x and 3.0
From: Cristiano G. <cri...@ga...> - 2018-03-07 14:38:54
Hi!

I am using modsecurity 2.9 in apache and modsecurity 3.0 in nginx, both are in the same configuration but the log is in a different format.

My modsecurity.conf:

> SecAuditLogParts ABIJDEFGHZ
> SecAuditLogType Concurrent
> SecAuditLog /var/log/mlog2waffle/mlog2waffle-index
> SecAuditLogStorageDir /var/log/mlog2waffle/data

Events in mlog2waffle-index in modsecurity 2.9 (apache):

> http://localhost 10.10.10.10 - - [05/Mar/2018:12:33:22 --0300] "POST / HTTP/1.1" 404 926 "-" "-" Wp1jQX8AAQEAAGReP8MAAAAH "-" /20180305/20180305-1233/20180305-123322-Wp1jQX8AAQEAAGReP8MAAAAH 0 2770 md5:608e97823d44086abc1719a930fb90bb

Events in mlog2waffle-index in modsecurity 3.0 (nginx):

> 127.0.0.1 10.10.10.10 - "GET / HTTP/1.1" 404 0 - "Java/1.8.0_161" 152026763220.574250 - /var/log/mlog2waffle/data/20180305/20180305-1633/20180305-163352-152026763220.574250 0 1303.000000 md5:1a354780659b4213afc79e5185c507a7

So I cannot use mlog2waffle because the log index format in 3.0 is not supported.

How can I make modsecurity 3.0 generate the logs in the 2.9.x format?

Regards,
Cristiano Galdino
cri...@ga...
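A parser that reads both index layouts shown in the message above into one normalized record, as an added example that is not part of the original post and not code from ModSecurity or mlog2waffle. The field names are assumptions inferred by position from the two sample lines, and `parse_index_line` is a hypothetical helper.

```python
import re

# Token = [bracketed timestamp], "quoted string" (backslash escapes allowed), or bare word.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')

# Field names are assumptions, inferred by position from the two sample lines.
V2_FIELDS = ["host", "remote_addr", "remote_user", "local_user", "timestamp",
             "request", "status", "bytes", "referer", "user_agent",
             "unique_id", "session_id", "path", "offset", "size", "hash"]
V3_FIELDS = [f for f in V2_FIELDS if f not in ("local_user", "timestamp")]

# Index lines copied from the post above.
SAMPLE_V2 = ('http://localhost 10.10.10.10 - - [05/Mar/2018:12:33:22 --0300] '
             '"POST / HTTP/1.1" 404 926 "-" "-" Wp1jQX8AAQEAAGReP8MAAAAH "-" '
             '/20180305/20180305-1233/20180305-123322-Wp1jQX8AAQEAAGReP8MAAAAH '
             '0 2770 md5:608e97823d44086abc1719a930fb90bb')
SAMPLE_V3 = ('127.0.0.1 10.10.10.10 - "GET / HTTP/1.1" 404 0 - "Java/1.8.0_161" '
             '152026763220.574250 - /var/log/mlog2waffle/data/20180305/'
             '20180305-1633/20180305-163352-152026763220.574250 '
             '0 1303.000000 md5:1a354780659b4213afc79e5185c507a7')

def _unwrap(tok):
    """Drop surrounding quotes or brackets from a token."""
    return tok[1:-1] if tok[0] in '"[' and len(tok) > 1 else tok

def parse_index_line(line, storage_dir="/var/log/mlog2waffle/data"):
    """Parse an index line of either layout into one normalized dict."""
    raw = TOKEN.findall(line)
    if len(raw) == 16 and raw[4].startswith("["):
        layout, fields = "2.9", V2_FIELDS
    elif len(raw) == 14:
        layout, fields = "3.0", V3_FIELDS
    else:
        # Request line and User-Agent are client-controlled: reject, don't guess.
        raise ValueError("unrecognized index layout (%d tokens)" % len(raw))
    rec = dict(zip(fields, map(_unwrap, raw)), layout=layout)
    rec.setdefault("local_user", "-")
    rec.setdefault("timestamp", None)  # the 3.0 sample carries no timestamp
    # The 3.0 sample logs an absolute path; 2.9 logs it relative to the storage dir.
    if rec["path"].startswith(storage_dir + "/"):
        rec["path"] = rec["path"][len(storage_dir):]
    for key in ("status", "bytes", "offset"):
        rec[key] = int(rec[key])
    rec["size"] = int(float(rec["size"]))  # 3.0 sample writes "1303.000000"
    return rec

if __name__ == "__main__":
    for sample in (SAMPLE_V2, SAMPLE_V3):
        print(parse_index_line(sample))
```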