[mod-security-users] Modsecurity Nginx: Audit log not being populated
From: Christian V. <cv...@it...> - 2020-02-11 19:31:05
Hello,

I’ve compiled nginx and Modsecurity today; everything works fine except the audit log. The audit log is not being populated: the attacks are logged only in the error log but not in the audit log. If I change modsecurity to “DetectionOnly” the audit logs start being populated, but if I set modsecurity to “On” the audit log does not work…

This is my setup:

nginx version: 1.15.8.1
Modsecurity: branch v3/Master from GitHub

I have these lines to log the transactions:

SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"
SecAuditLogDirMode 1733
SecAuditLogFileMode 0550
SecAuditLogFormat JSON
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4)"
SecAuditLogParts ABCHIZ
SecAuditLogType Serial
SecAuditLog /opt/waf/nginx/var/log/nnoc.vtr.cl/nnoc.vtr.cl_audit.log

Maybe I need to fix my configuration? Is anybody else experiencing the same?

Thanks in advance.

Cheers.
Chris.