On Fri, Dec 11, 2009 at 6:52 PM, Brian Rectanus <bre...@gm...> wrote:
> On Fri, Dec 11, 2009 at 10:14 AM, Ivan Ristic <iva...@gm...> wrote:
>> I have a few rules that set environment variables, which are then used
>> in logging (via "{VARNAME}e"), but it is impossible to set environment
>> variables from ModSecurity's phase 5 before it takes place after
>> Apache's logging.
>>
>> Is there a reason for phase 5 to execute prior to Apache logging,
>> or can we move phase 5 later?
>
> Actually, I would rather do it after apache logging anyhow.
I am sorry, I messed up my original email. Phase 5 is executed _after_
log_config at the moment, and that makes it impossible for an
environment variable defined in phase 5 to be logged via log_config.
Thus I was asking to move phase 5 _before_ log_config.
> Right now
> it does not really work to look at the log contents and this (I
> think?) would allow that better.
How would you look at it?
> Also, it may be better to see
> Apache's error log prior to ModSecurity's as many times the Apache
> error has caused the ModSecurity one (client disconnects, etc) and
> this would make that a bit more clear.
I think Apache will log to error log as needed (i.e., it will not wait
for its logging phase to log all error messages).
>
> -B
>
--
Ivan Ristic
ModSecurity Handbook [https://www.feistyduck.com]
SSL Labs [https://www.ssllabs.com/ssldb/]