Hi,
I'm trying ModSecurity together with nginx for the first time. Everything
seems to be working correctly (together with the coreruleset). However,
I somehow get an audit log with a slightly different format than everything
I can find online. This makes it quite hard to use with e.g. open source
log parsers.
Here are some differences I found. This is the log header in our audit
logs (with IPs blanked out):
---iOma3Pk1---A--
[20/Sep/2020:21:00:20 +0200] 160062842027.385932 000.000.00.000 53270 000.000.000.00 443
---iOma3Pk1---B--
...
The differences:
- The section IDs are no longer hexadecimal;
- There are more dashes between the section ID and A-Z than documented;
- The unique ID (after the timestamp) is a float instead of a string ID.
Is this expected behavior? (libmodsecurity 3.0.4, nginx connector 1.0.1, nginx
1.18.0, using the default modsecurity configuration) If so, is there any source
documenting the new format?
Thanks for your time & help!
Wouter
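
Added example, not part of the original post and not ModSecurity's own code: a serial audit-log parser that accepts both the boundary style quoted above and the documented `--<hex id>-A--` style, and keeps the unique ID as an opaque string. The section B and Z lines and the whole older-style sample are constructed for illustration.

```python
import re

# Boundary: 2-3 dashes, transaction tag, 1-3 dashes, section letter, "--".
BOUNDARY = re.compile(r"^-{2,3}(?P<tag>[A-Za-z0-9]+)-{1,3}(?P<section>[A-Z])--\s*$")
# Section A: [timestamp] unique_id client_ip client_port server_ip server_port
HEADER = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\s+(?P<unique_id>\S+)\s+(?P<client_ip>\S+)\s+"
    r"(?P<client_port>\d+)\s+(?P<server_ip>\S+)\s+(?P<server_port>\d+)\s*$"
)

# Constructed samples: header lines as quoted in the post, then an older-style entry.
SAMPLE_NEW = """\
---iOma3Pk1---A--
[20/Sep/2020:21:00:20 +0200] 160062842027.385932 000.000.00.000 53270 000.000.000.00 443
---iOma3Pk1---B--
GET / HTTP/1.1
Host: example.test
---iOma3Pk1---Z--
"""
SAMPLE_OLD = """\
--a1b2c3d4-A--
[20/Sep/2020:21:00:20 +0200] X2eqdH8AAAEAAC3KAbcAAAAB 192.0.2.10 53270 192.0.2.20 443
--a1b2c3d4-B--
GET / HTTP/1.1
Host: example.test
--a1b2c3d4-Z--
"""

def parse_audit_log(text):
    """Return one dict per transaction: tag, parsed section A header, raw sections."""
    transactions, current, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        # Honour a non-A boundary only when its tag matches the open
        # transaction, so look-alike lines in a body stay body data.
        if m and (m["section"] == "A" or (current and m["tag"] == current["tag"])):
            if m["section"] == "A":
                current = {"tag": m["tag"], "header": None, "sections": {}}
                transactions.append(current)
            section = m["section"]
            current["sections"].setdefault(section, [])
        elif current is not None:
            current["sections"][section].append(line)
            if section == "A" and current["header"] is None:
                h = HEADER.match(line)
                current["header"] = h.groupdict() if h else None
    return transactions
```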