Thread: Re: [mod-security-users] Log question
From: Ivan R. <iv...@we...> - 2005-01-12 23:47:02

Tkachenko Alexei wrote:

> Ivan, I can't use such thing.
> I have hundreds of virtual hosts and can't add this "CustomLog ..." to each
> of them.

So I guess you are not logging to a single file and splitting the file into virtual hosts later.

> Additionally I need to preserve current CustomLog setting for each
> VirtualHost.

I think it is possible to have as many CustomLog entries as necessary.

> So I need to add additional logging for all requests by regexp of URL.

I've already done something like that for the error log in Apache 2.x (since it is not possible for Apache 1.x). It's called mod_globalerror.c (get it from http://www.apachesecurity.net). With this module installed it is possible to have per-virtual host ErrorLog directives *and* have the log entries duplicated in the global log.

As for normal requests, I am adding syslog support for exactly that in mod_security 1.9. Perhaps I can add the option to write log entries to disk too.

--
Ivan Ristic (http://www.modsecurity.org)

From: Ivan R. <iv...@we...> - 2005-01-21 11:57:43

Tkachenko Alexei wrote:

> But: as I understand mod_security currently already has possibility to track
> different events (regexp - SecFilter) and act in different ways - so you can
> use 1 SecFilter to log in 1 file, use another SecFilter to log in another
> file and use 3-rd SecFilter to just deny without logging and so on?
> If this is correct that it is possible to do what I asked.
> I just asked how to do it in right way.

Hmm, it's possible although not supported in the current release. I'll implement something along those lines and contact you so that you can test it.

--
Ivan Ristic (http://www.modsecurity.org)

From: Tkachenko A. <al...@tk...> - 2005-01-22 00:16:33

Peace be with you,

Currently seems mod_security works in this way: if request match directive (SecFilter for example) then the corresponding action performed and no other action performed even if this request match another directive too.

Is there any possibility to bypass this?
Maybe for particular directive or something like this?

-----
Regards,
Alex A. Tkachenko

From: Ivan R. <iv...@we...> - 2005-01-22 00:24:51

Tkachenko Alexei wrote:

> Peace be with you,
>
> Currently seems mod_security works in this way: if request match directive
> (SecFilter for example) then the corresponding action performed and no other
> action performed even if this request match another directive too.
>
> Is there any possibility to bypass this?
> Maybe for particular directive or something like this?

The request does not have to terminate on a rule match so, yes, it is possible to do several different things for one request. E.g.

    # log only
    SecFilter KEYWORD1 log,pass

    # execute something
    SecFilter KEYWORD2 log,pass,exec:/some/binary

    # deny request
    SecFilter KEYWORD3 log,deny

--
Ivan Ristic (http://www.modsecurity.org)

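Added example, not part of the original thread and not mod_security code: a small Python model of the rule processing described in the message above, using its three rules, to show which actions fire when one request matches several rules and why rule order matters. The `evaluate` function, its event strings and the sample requests are constructed for illustration; the model assumes rules run in configuration order and that `deny` ends processing.

```python
import re

# The three rules from the message above, in configuration order.
RULES = [
    ("KEYWORD1", "log,pass"),
    ("KEYWORD2", "log,pass,exec:/some/binary"),
    ("KEYWORD3", "log,deny"),
]


def evaluate(request, rules=RULES):
    """Return (events, verdict) for one request string.

    Simplified model (an assumption, not mod_security source): rules run
    in order, 'pass' lets processing continue after a match, and 'deny'
    ends processing with the request rejected.
    """
    events = []
    for pattern, action_list in rules:
        if not re.search(pattern, request):
            continue
        actions = action_list.split(",")
        if "log" in actions:
            events.append(f"log:{pattern}")
        for action in actions:
            if action.startswith("exec:"):
                # Recorded only; the model never runs the binary.
                events.append(f"{action} ({pattern})")
        if "deny" in actions:
            return events, "denied"
    return events, "allowed"


# Constructed sample requests.
SAMPLES = [
    "GET /index.html?q=KEYWORD1",
    "GET /a?x=KEYWORD1&y=KEYWORD2",
    "GET /a?x=KEYWORD1&y=KEYWORD3&z=KEYWORD2",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "->", evaluate(req))
    # With the deny rule first, the logging and exec rules never run.
    print(evaluate(SAMPLES[2], rules=list(reversed(RULES))))
```
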
From: Tkachenko A. <al...@tk...> - 2005-01-14 07:03:44

Thank you, Ivan, for your answer.

>> So I guess you are not logging to a single file and splitting the
>> file into virtual hosts later.

Yes. It is virtual hosting.

>> I think it is possible to have as many CustomLog entries as
>> necessary.

When you use CustomLog inside the VirtualHost then global CustomLog does not log any request related to this VirtualHost. So I need to add 1 more CustomLog inside each VirtualHost (and this is bad idea) or to track requests on higher level - mod_security for example.

>> I've already done something like that for the error log in
>> Apache 2.x (since it is not possible for Apache 1.x). It's called

Unfortunately I use apache 1.x.

But: as I understand mod_security currently already has possibility to track different events (regexp - SecFilter) and act in different ways - so you can use 1 SecFilter to log in 1 file, use another SecFilter to log in another file and use 3-rd SecFilter to just deny without logging and so on?
If this is correct that it is possible to do what I asked.
I just asked how to do it in right way.

Could you please clarify?

Thank you!
Alexey.

-----Original Message-----
From: Ivan Ristic [mailto:iv...@we...]
Sent: Thursday, January 13, 2005 01:47
To: Tkachenko Alexei
Cc: mod...@li...
Subject: Re: [mod-security-users] Log question

Tkachenko Alexei wrote:

> Ivan, I can't use such thing.
> I have hundreds of virtual hosts and can't add this "CustomLog ..." to
> each of them.

So I guess you are not logging to a single file and splitting the file into virtual hosts later.

> Additionally I need to preserve current CustomLog setting for each
> VirtualHost.

I think it is possible to have as many CustomLog entries as necessary.

> So I need to add additional logging for all requests by regexp of URL.

I've already done something like that for the error log in Apache 2.x (since it is not possible for Apache 1.x). It's called mod_globalerror.c (get it from http://www.apachesecurity.net). With this module installed it is possible to have per-virtual host ErrorLog directives *and* have the log entries duplicated in the global log.

As for normal requests, I am adding syslog support for exactly that in mod_security 1.9. Perhaps I can add the option to write log entries to disk too.

--
Ivan Ristic (http://www.modsecurity.org)