[mod-security-users] Question / Feature Request Log Comment
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Question / Feature Request Log Comment
|
From: Ulf S. <ste...@ze...> - 2003-12-08 09:44:22
|
Apache 1.3.29, mod_security 1.7.3
When using chain-ed filter rules it seems that mod_security prints only the
pattern from the last filter rule of the chain in mod_security-message (with
"SecAuditEngine RelevantOnly" that is). Since I do a statistical analysis of
the audit log where among other things I count the different match patterns of
blocked requests, this is rather bad ... especially if you have a lot of
chain-ed rules, some with identical last rules.
So my question is: what's the best way to circumvent such a behaviour? I
thought of adding a dummy last rule that always matches and contains
something like a comment in the pattern but that's rather ugly. Is there any
way to add a kind of "log comment" to mod_security-message?
Of course, adding a comment to filter rules that will be printed to the log
file might come in handy, anyway. Think of references and the like.
Regards,
Ulf
--
Ulf Stegemann
zeitform Internet Dienste Fraunhoferstr. 5
64283 Darmstadt, Germany
http://www.zeitform.de Tel: +49 (0)6151 155-636
mailto:ste...@ze... Fax: +49 (0)6151 155-634
GnuPG/PGP Key-ID: 0x8862250A
|
