RE: [mod-security-users] Log question
From: Tkachenko A. <al...@tk...> - 2005-01-14 07:03:44
Thank you, Ivan, for your answer.

>> So I guess you are not logging to a single file and splitting the
>> file into virtual hosts later.

Yes. It is virtual hosting.

>> I think it is possible to have as many CustomLog entries as
>> necessary.

When you use CustomLog inside the VirtualHost, the global CustomLog does not log any request related to this VirtualHost. So I need to add 1 more CustomLog inside each VirtualHost (and this is a bad idea) or to track requests on a higher level - mod_security, for example.

>> I've already done something like that for the error log in
>> Apache 2.x (since it is not possible for Apache 1.x). It's called

Unfortunately I use Apache 1.x. But: as I understand, mod_security currently already has the possibility to track different events (regexp - SecFilter) and act in different ways - so you can use 1 SecFilter to log in 1 file, use another SecFilter to log in another file and use a 3rd SecFilter to just deny without logging and so on? If this is correct, then it is possible to do what I asked. I just asked how to do it in the right way. Could you please clarify?

Thank you!
Alexey.

-----Original Message-----
From: Ivan Ristic [mailto:iv...@we...]
Sent: Thursday, January 13, 2005 01:47
To: Tkachenko Alexei
Cc: mod...@li...
Subject: Re: [mod-security-users] Log question

Tkachenko Alexei wrote:
> Ivan, I can't use such a thing.
> I have hundreds of virtual hosts and can't add this "CustomLog ..." to
> each of them.

So I guess you are not logging to a single file and splitting the file into virtual hosts later.

> Additionally I need to preserve current CustomLog setting for each
> VirtualHost.

I think it is possible to have as many CustomLog entries as necessary.

> So I need to add additional logging for all requests by regexp of URL.

I've already done something like that for the error log in Apache 2.x (since it is not possible for Apache 1.x). It's called mod_globalerror.c (get it from http://www.apachesecurity.net). With this module installed it is possible to have per-virtual host ErrorLog directives *and* have the log entries duplicated in the global log.

As for normal requests, I am adding syslog support for exactly that in mod_security 1.9. Perhaps I can add the option to write log entries to disk too.

--
Ivan Ristic (http://www.modsecurity.org)