Re: [mod-security-users] SecGuardianLog per virtual host?

[Linh Vu <vu...@ph...>]

Hi,

Thanks for your reply. I currently have 1 AuditLog at httpd.conf level 
to log all virtual hosts. I take it that if I add SecGuardianLog 
/path/to/httpd-guardian at that same level, it will scan every request 
that gets logged in AuditLog and act accordingly? I'm confused by this 
paragraph in httpd-guardian script:

# NOTE: In order for this script to be effective it must be able to
#       see all requests coming to the web server. This will not happen
#       if you are using per-virtual host logging. In such cases either
#       use the ModSecurity 1.9 SecGuardianLog directive (which was designed
#       for this very purpose).

So does "per-virtual host logging" here refer to the Audit Log? Which 
means that if I have multiple AuditLogs for the virtual hosts, 
SecGuardianLog won't be effective, right? With my current setup (single 
AuditLog for the whole server), it will work? I was thinking of my 
access/error logging per virtual host, which probably shouldn't have 
anything to do with this.

Cheers,
Linh

Ivan Ristic wrote:

>Linh Vu wrote:
>  
>
>>Hi all,
>>
>>I'm a bit confused about this part in the documentation and the
>>instruction at the top of httpd-guardian. I'm using per-virtual-host
>>logging so if I want to use httpd-guardian, I need to have
>>
>>SecGuardianLog |/path/to/httpd-guardian
>>
>>in every VirtualHost config?
>>    
>>
>
>  No. Only one guardian log can be used for the whole web server. I
>  designed it to protect the web server, not individual sites.
>
>
>  
>
>>And I can have both AuditLog and GuardianLog?
>>    
>>
>
>  You can have as many audit logs as you want. Per-virtual host
>  included...
>
>  
>


-- 
-----------------------------------------------
Linh Vu - Web/DB and Systems Support officer
School of Physics, The University of Melbourne
Office: 8344 8093  Email: vu...@ph...
-----------------------------------------------