Re: [mod-security-users] MSG and ID Actions

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Christian Martorella wrote:
> I'm trying to add more info to the logs, but it doesn't add anything, 
> here is my line:
> 
> Modsecurity 1.9dev2:
> 
> SecFilterSelective SCRIPT_FILENAME ".+\.inc" 

   You should use $ at the end of the regex ^

 > "log,msg Includes,id 666"

   And here you should really write "log,msg:Includes,id:666". The
   syntax you used works for now, but I am planning to tighthen
   the parser in one of the subsequent releases.

> I'm using RelevantOnly audit.
> 
> Someone tried this feature?

   I did, and this is what I get:

Warning. Pattern match "111" at REQUEST_URI [id 1] [msg 2] [hostname 
"192.168.2.101"] [uri "/111"]

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org