Re: [mod-security-users] SecGuardianLog per virtual host?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecGuardianLog per virtual host?
|
From: Ivan R. <iv...@we...> - 2006-02-28 12:57:46
|
Linh Vu wrote: > Hi, > > Thanks for your reply. I currently have 1 AuditLog at httpd.conf level > to log all virtual hosts. I take it that if I add SecGuardianLog > /path/to/httpd-guardian at that same level, it will scan every request > that gets logged in AuditLog and act accordingly? The idea is to send information about *every* request to the guardian log. > I'm confused by this > paragraph in httpd-guardian script: > > # NOTE: In order for this script to be effective it must be able to > # see all requests coming to the web server. This will not happen > # if you are using per-virtual host logging. In such cases either > # use the ModSecurity 1.9 SecGuardianLog directive (which was designed > # for this very purpose). > > So does "per-virtual host logging" here refer to the Audit Log? No, it refers to the case when you are using this facility without ModSecurity. In that case you will need to ensure all requests are sent to httpd-guardian. If you are using ModSecurity - it does that for you. > Which > means that if I have multiple AuditLogs for the virtual hosts, > SecGuardianLog won't be effective, right? No, audit log and guardian log are not related. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall Apache Security (O'Reilly): http://www.apachesecurity.net |
