[mod-security-users] tying log entries to rules
From: caleb r. <Cal...@ne...> - 2005-04-21 08:26:47
Hello

Kudos on an excellent module, and kudos to Ivan on the excellent O'Reilly Apache Security book. When monitoring the server logs I have two questions:

1) Are there any tools for monitoring the audit logs? Since the output per hit is multi-line, the normal approach of grepping is not effective. For example, my logs are overwhelmingly phpBB exploit attempts (a bot is doing the rounds); the noise from this in the logs is making it very difficult to track down other "hits".

2) Is there any way to tie down a "hit" to the rule that caught it? Once I have identified false positives it is difficult to track down the rule causing it. It would be useful if the log would give some form of rule identifier for which rule caused the match.

Regards

Caleb Racey, Webteam, ISS
University of Newcastle upon Tyne
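The two problems raised in the post, multi-line audit entries that defeat line-oriented grep and the need to tie each hit back to what matched, can be handled by splitting the serial audit log into per-request records and pulling the matched pattern out of each one. The script below is an added example, not code from the poster or from the ModSecurity project. It assumes the ModSecurity 1.x serial audit log layout (entries separated by a line of `=` characters, a `Request:` summary line, and a `mod_security-message:` header that names the matched pattern and its location); that layout, and the three sample entries embedded in the script, are constructed for illustration and are not taken from the original message.

```python
import re
from collections import Counter

# Constructed sample of a ModSecurity 1.x-style serial audit log. The layout
# (a separator line of '=' characters, a "Request:" summary line, then the raw
# request headers including "mod_security-message:") is an assumption for this
# example; the addresses, paths and patterns are made up.
SAMPLE_AUDIT_LOG = r"""========================================
Request: 10.0.0.5 - - [21/Apr/2005:08:00:01 +0100] "GET /phpBB/viewtopic.php?t=1&highlight=%2527 HTTP/1.1" 403 0
Handler: (null)
----------------------------------------
GET /phpBB/viewtopic.php?t=1&highlight=%2527 HTTP/1.1
Host: www.example.org
mod_security-message: Access denied with code 403. Pattern match "viewtopic\.php.*highlight=%2527" at THE_REQUEST
mod_security-action: 403

========================================
Request: 10.0.0.7 - - [21/Apr/2005:08:00:05 +0100] "GET /cgi-bin/search.cgi?q=../../etc/passwd HTTP/1.1" 403 0
Handler: (null)
----------------------------------------
GET /cgi-bin/search.cgi?q=../../etc/passwd HTTP/1.1
Host: www.example.org
mod_security-message: Access denied with code 403. Pattern match "\.\./" at ARGS
mod_security-action: 403

========================================
Request: 10.0.0.5 - - [21/Apr/2005:08:00:09 +0100] "GET /phpBB/viewtopic.php?t=2&highlight=%2527 HTTP/1.1" 403 0
Handler: (null)
----------------------------------------
GET /phpBB/viewtopic.php?t=2&highlight=%2527 HTTP/1.1
Host: www.example.org
mod_security-message: Access denied with code 403. Pattern match "viewtopic\.php.*highlight=%2527" at THE_REQUEST
mod_security-action: 403
"""

# One record per request: records are separated by a line made only of '='.
ENTRY_SEPARATOR = re.compile(r"^=+$", re.MULTILINE)
# Summary line: client, timestamp, request line and response status.
REQUEST_RE = re.compile(
    r'^Request: (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})',
    re.MULTILINE,
)
# The header ModSecurity adds to explain why the request was flagged.
MESSAGE_RE = re.compile(r"^mod_security-message: (?P<message>.*)$", re.MULTILINE)
# Inside that header: which pattern matched and in which variable.
PATTERN_RE = re.compile(r'Pattern match "(?P<pattern>.*)" at (?P<location>\S+)')


def split_entries(text):
    """Split the serial audit log into one string per request (the grep problem)."""
    return [part.strip() for part in ENTRY_SEPARATOR.split(text) if part.strip()]


def parse_entry(entry):
    """Extract the summary fields plus the matched pattern from one record."""
    info = {"client": None, "time": None, "request": None, "status": None,
            "message": None, "pattern": None, "location": None}
    m = REQUEST_RE.search(entry)
    if m:
        info.update(m.groupdict())
    m = MESSAGE_RE.search(entry)
    if m:
        info["message"] = m.group("message")
        p = PATTERN_RE.search(info["message"])
        if p:
            info.update(p.groupdict())
    return info


def parse_audit_log(text):
    """Turn the whole log into a list of per-hit dictionaries."""
    return [parse_entry(entry) for entry in split_entries(text)]


def count_by_pattern(hits):
    """How many hits each pattern produced: the noisiest rules float to the top."""
    return Counter(hit["pattern"] or "(no mod_security-message)" for hit in hits)


def suppress(hits, noisy_patterns):
    """Drop hits from patterns already triaged as known noise or false positives,
    leaving the entries that still need a human look."""
    return [hit for hit in hits if hit["pattern"] not in noisy_patterns]


if __name__ == "__main__":
    hits = parse_audit_log(SAMPLE_AUDIT_LOG)
    for pattern, n in count_by_pattern(hits).most_common():
        print(f"{n:4d}  {pattern}")
    # Treat the phpBB scanner pattern as known noise and list what is left.
    noisy = {r"viewtopic\.php.*highlight=%2527"}
    for hit in suppress(hits, noisy):
        print(hit["client"], hit["request"], "->", hit["pattern"], "at", hit["location"])
```

Running the script against a real audit log (read the file instead of `SAMPLE_AUDIT_LOG`) gives a per-pattern count first, so the bot traffic that dominates the log shows up as one line with a large number, and the `suppress` step then hides it so the remaining hits can be reviewed. The pattern text is the closest thing to a rule identifier that this log layout carries, so the per-pattern count also tells you which rule to look at when a false positive is found.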