[mod-security-users] Re: Re: Log-parser
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Re: Re: Log-parser
|
From: Evert <ev...@di...> - 2005-05-23 21:18:09
|
> The problem with this approach is > what will your script do if the client submits non-standard client > headers? Will this be reported? nope. but i hadn't seen any other tokens then the tokens i search for in my parser script, so i didn't know that others where available. what i can do is make an extra field in the dbase with 'other tokens' then the tokens i search for... or redesign the parser to include only the tokens that are available for a specific 'attack'. hmm. let me think about this. maybe you can help me a bit by sending some entries of your audit_log with those extra headers. kind regards, Evert |
