Re: [mod-security-users] two audit logs?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] two audit logs?
|
From: Ivan R. <iv...@we...> - 2005-01-22 01:04:01
|
da...@ez... wrote: > Is there any way to set two different audit logs? Something like: > > SecAuditEngine On > SecAuditLog logs/audit_log > > SecAuditEngine RelevantOnly > SecAuditLog logs/relevant_log > > I want one log that shows everything and one that shows only what matched a > filter. Is it possible? This would be a big help. If we had this and a > client's site was hacked we would have full logging and could see exactly > how it was done. Then we could create new filters to block such attacks and > tell the client what scripts need to be secured. I really don't want to only > have a log of everything because we need to see just what matched. We have > to monitor this to make sure the rules we have setup are not creating > problems for our clients. This would be almost impossible with one huge > file. No, you can't have two audit logs for the same content. (You can have two audit logs for two applications/areas on the same web server.) However, what you can do, is log everything but have a script that parses out the full audit log and separates the ones with matches. -- Ivan Ristic (http://www.modsecurity.org) |
