Re: [mod-security-users] Logging-Questions
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Logging-Questions
|
From: Jens W. <sha...@no...> - 2005-06-30 09:52:41
|
Quoting Ivan Ristic <iv...@we...>: > Jens Weibler wrote: >> is there a way to get two audit-logs? One relevant-only and the other > > with all requests? > > At the moment, no. Why do you need that for? Audit logging is > I/O intensive operation as it is, I imagine having multiple logs > would bring a web server down to a crawl. I'm using modSecurity for an application-layer hacking-contest (CTF) [1] as an audit- and blocking-tool. I want to have a complete audit-log for later inspection/analysis but also an attack-only log which I read while the contest is running. btw: modSecurity was a great help at the last contest and helped us to get in the TOP3 :) [1] http://www.cs.ucsb.edu/~vigna/CTF/ and in a few weeks http://www-i4.informatik.rwth-aachen.de/~lexi/cipher.php?edit=0 -- Jens |
