[mod-security-users] Modsecurity 3 logging issues
From: Dino E. <din...@my...> - 2018-07-11 21:35:14
I'm trying to get modsecurity to start logging audit events in JSON format so that I can import to ELK, but I cannot get it to work. Here's the relevant config:

SecAuditEngine on
SecAuditLogRelevantStatus "^[0-9]+"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType concurrent
#SecAuditLog /var/log/modsec_audit.log
SecAuditLogStorageDir /usr/local/nginx/logs/modsecurity/domain.tld

After I reload nginx I don't see any files being generated in the /usr/local/nginx/logs/modsecurity/domain.tld directory.

Can someone help point me in the right direction? Do I need to compile modsecurity with JSON support? If so, how would I go about doing that? I was under the impression that using SecAuditLogType concurrent would take care of it.

Thanks in advance