Re: [mod-security-users] Modsecurity Nginx: Audit log not being populated
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Modsecurity Nginx: Audit log not being populated
|
From: Peter K. <pe...@kr...> - 2020-02-12 09:41:02
|
Let me add a "me too"! nginx 1.17.x Am 2020-02-11 20:05, schrieb Christian Varas: > Hello, I’ve conpiled a nginx and Modsecurity today, every works fine > except the audit log. The audit log is not being populated, the > attacks are logged only in the error log but not in the audit log. > If I change modsecurity to “DetectionOnly” the audit logs start to > being populated but if I set modsecurity in “On” the audit log does > not work… > This is my setup: > > nginx version: 1.15.8.1 > Modsecurity: branch v3/Master from GitHub > > I have this lines to log the transactions: > > SecRuleEngine On > SecDefaultAction "phase:1,log,auditlog,deny,status:403" > SecDefaultAction "phase:2,log,auditlog,deny,status:403" > > > SecAuditLogDirMode 1733 > SecAuditLogFileMode 0550 > SecAuditLogFormat JSON > SecAuditEngine RelevantOnly > SecAuditLogRelevantStatus "^(?:5|4)” > SecAuditLogParts ABCHIZ > SecAuditLogType Serial > SecAuditLog /opt/waf/nginx/var/log/nnoc.vtr.cl/nnoc.vtr.cl_audit.log > > > > Maybe I need to fix my configuration ? > Does anybody else is experimenting the same ? > > Thanks in advanced. > Cheers. > Chris. > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
