Alon Agmon wrote:
> Hi,
>
> I'm using the new "concurrent" logging option to aggregate and collect
> audit logs,
>
> Since we are using mod_sec as a web application firewall, on a very
> loaded farm (100 requests per second almost 24/7),
>
> Our farm is based on public web services,
>
> Now the question is whether there is an option to rotate the "index"
> file, without causing a downtime to the system, or restarting Apache
>
> Since our index file becomes like 500mb after one week. And sys down
> time is critical.

Starting with 1.9.2 (now in rc3, due to be released as stable on
Monday) you should be able to use any piped-logging rotate script
there is to rotate the index file.

Also, in the util/ subfolder there is a proof-of-concept script
modsec-auditlog-collector.pl that submits audit log entries to
a central server (via HTTP PUT) in real time. The script isn't
written for heavy usage such as yours, but it is something you
can look at if you want to wrap your own rotate script.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
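
A size-based piped-logging rotator of the kind the reply refers to, as an added example that is not part of the original message and not one of ModSecurity's util/ scripts. It assumes Apache hands index entries one per line to the program's stdin; the class name, segment file naming and size cap are hypothetical.

```python
import os
import sys
import time


class IndexRotator:
    """Append piped index lines to size-capped, timestamped segment files."""

    def __init__(self, directory, max_bytes=50 * 1024 * 1024, clock=time.time):
        self.directory = directory
        self.max_bytes = max_bytes
        self.clock = clock          # injectable so rotation can be tested
        self.fh = None
        self.written = 0
        self.seq = 0
        self.segments = []

    def _open_segment(self):
        if self.fh:
            self.fh.close()
        stamp = time.strftime("%Y%m%d-%H%M%S", time.gmtime(self.clock()))
        self.seq += 1
        path = os.path.join(self.directory, f"index.{stamp}.{self.seq:04d}")
        # O_APPEND: a respawned logger never truncates entries already on disk.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o640)
        self.fh = os.fdopen(fd, "ab", buffering=0)
        self.written = os.fstat(fd).st_size
        self.segments.append(path)

    def write(self, line):
        # Rotate only between lines, so no index entry is split across files.
        # An oversized single line still goes whole into a fresh segment.
        if self.fh is None or (self.written and
                               self.written + len(line) > self.max_bytes):
            self._open_segment()
        self.fh.write(line)
        self.written += len(line)

    def close(self):
        if self.fh:
            self.fh.close()
            self.fh = None


if __name__ == "__main__":
    # usage (hypothetical): rotate_index.py <directory> <max_bytes>
    rot = IndexRotator(sys.argv[1], int(sys.argv[2]))
    for entry in sys.stdin.buffer:   # loop ends when Apache closes the pipe
        rot.write(entry)
    rot.close()
```

Because the web server only ever writes to the pipe, closed segments can be compressed, shipped or deleted without touching Apache.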