[mod-security-users] ModSecurity Console not working
From: Russ L. <rl...@nc...> - 2007-03-28 13:21:48
I have upgraded my apache to 2.2.4 and at the same time upgraded to modsecurity 2.1.0 with the core rule set.

I have added the following configuration in modsecurity_crs_10_config.conf so I can log to a modsecurity console server. Everything (that I am aware of) is setup like I usually do when I add a new sensor for 1.9, but it isn't working with 2.1.0. This is our first server to run modsecurity 2.1.0.

SecAuditLogStorageDir "/var/log/modsecure/data/"
SecAuditLog "|/usr/local/apache/bin/modsec-auditlog-collector.pl /var/log/modsecure/data/ /var/log/modsecure/index"

Am I missing something?

When I set a basic search like..

SecFilter REQUEST_URI attack

I get the following errors in my /var/log/modsecure/index file

> Failed to parse line: --450a2e03-A--
> Failed to parse line: [28/Mar/2007:08:48:52 --0400] D4ea7awegUwAAAkRBJgAAAAC 172.31.18.203 2992 172.30.129.76 80
> Failed to parse line: --450a2e03-B--
> Failed to parse line: GET /attack HTTP/1.1
> Failed to parse line: Host: ncdcweb11.ncdc.ncus
> Failed to parse line: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
> Failed to parse line: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Failed to parse line: Accept-Language: en-us,en;q=0.5
> Failed to parse line: Accept-Encoding: gzip,deflate
> Failed to parse line: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Failed to parse line: Keep-Alive: 300
> Failed to parse line: Connection: keep-alive
> Failed to parse line: Cookie: __utma=172831164.552980278.1166469779.1175026754.1175085885.4; __utmz=172831164.1166469779.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmc=172831164; PHPSESSID=2eeb27bc10057c9f534591752c72a097; __utmb=172831164
> Failed to parse line: Cache-Control: max-age=0
> Failed to parse line: --450a2e03-F--
> Failed to parse line: HTTP/1.1 404 Not Found
> Failed to parse line: Content-Length: 204
> Failed to parse line: Keep-Alive: timeout=5, max=100
> Failed to parse line: Connection: Keep-Alive
> Failed to parse line: Content-Type: text/html; charset=iso-8859-1
> Failed to parse line: --450a2e03-H--
> Failed to parse line: Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.
> Failed to parse line: Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.
> Failed to parse line: Message: Warning. Pattern match "attack" at REQUEST_URI.
> Failed to parse line: Apache-Error: [file "core.c"] [line 3631] [level 3] File does not exist: /home/httpd/attack
> Failed to parse line: Stopwatch: 1175086132861677 3700 (487 3524 -)
> Failed to parse line: Producer: ModSecurity v2.1.0 (Apache 2.x)
> Failed to parse line: Server: Apache/2.2.4 (Unix)
> Failed to parse line: --450a2e03-Z-

Then it also does not log into the /var/log/modsecure/data directory either and therefore does not log to the modsecurity console server I have. This all works with apache 2.2.3 and modsecurity 1.9 but now since the full blown upgrade it doesn't work...

Can I get some help with this?

Thanks
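
Added example, not part of the original post and not ModSecurity project code: with the "Failed to parse line:" prefix stripped, the rejected lines form the multi-part layout of a ModSecurity 2.x audit log entry (A header, B request headers, F response headers, H trailer, Z end marker), which this sketch regroups and summarizes. The names `split_entries` and `summarize` are hypothetical, and the sample is a shortened copy of the lines quoted in the post.

```python
import re

# Constructed sample: lines taken from the post's index file, shortened.
INDEX_LINES = """\
> Failed to parse line: --450a2e03-A--
> Failed to parse line: [28/Mar/2007:08:48:52 --0400] D4ea7awegUwAAAkRBJgAAAAC 172.31.18.203 2992 172.30.129.76 80
> Failed to parse line: --450a2e03-B--
> Failed to parse line: GET /attack HTTP/1.1
> Failed to parse line: Host: ncdcweb11.ncdc.ncus
> Failed to parse line: --450a2e03-F--
> Failed to parse line: HTTP/1.1 404 Not Found
> Failed to parse line: --450a2e03-H--
> Failed to parse line: Message: Warning. Pattern match "attack" at REQUEST_URI.
> Failed to parse line: Producer: ModSecurity v2.1.0 (Apache 2.x)
> Failed to parse line: --450a2e03-Z-
"""

PREFIX = re.compile(r"^>?\s*Failed to parse line: ?")
# Boundary: --<8 hex id>-<part letter>-- (the post's last line ends in one '-').
BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--?$")
HEADER = re.compile(r"\[([^\]]+)\] (\S+) (\S+) (\d+) (\S+) (\d+)")

def split_entries(text):
    """Group rejected lines into {entry_id: {part_letter: [lines]}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        m = BOUNDARY.match(line)
        if m:
            current = entries.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif current is not None and line:
            current.append(line)
    return entries

def summarize(parts):
    """Pull the fields an analyst reads first from one entry."""
    m = HEADER.match((parts.get("A") or [""])[0])
    ts, uid, src, _sport, dst, dport = m.groups() if m else (None,) * 6
    return {
        "time": ts, "unique_id": uid, "client": src,
        "server": f"{dst}:{dport}" if m else None,
        "request": (parts.get("B") or [None])[0],
        "status": (parts.get("F") or [None])[0],
        "messages": [l[len("Message: "):] for l in parts.get("H", [])
                     if l.startswith("Message: ")],
        "complete": "Z" in parts,  # end marker seen
    }

if __name__ == "__main__":
    for entry_id, parts in split_entries(INDEX_LINES).items():
        print(entry_id, summarize(parts))
```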