mod-security-users

[mod-security-users] reporting tools

[Peter W. <prw...@gm...>]

Greetings,

I've got the latest mod_security release up and running, and it's
working great to block all sorts of requests to my Apache web
server... mostly Movable Type blog comment spammers. The audit_log is
human-readable, but it's a bit time-consuming to read through it to
see what's being blocked and to see if anything is being wrongly
blocked. So I'm trying to find some reporting tools that would parse
the audit_log and display a summary report in some easily-viewed
HTML-esque manner.

Searching this mailing list hasn't turned up anything useful, and the
only thing I've found on Google is a script that parses the audit_log
and inserts it into a mysql database... but doesn't actually do any
reporting or analysis.

Any suggestions?

Thanks,

Peter

Re: [mod-security-users] reporting tools

[Ivan R. <iv...@we...>]

Peter Wood wrote:
> Greetings,
> 
> I've got the latest mod_security release up and running, and it's
> working great to block all sorts of requests to my Apache web
> server... mostly Movable Type blog comment spammers. The audit_log is
> human-readable, but it's a bit time-consuming to read through it to
> see what's being blocked and to see if anything is being wrongly
> blocked. So I'm trying to find some reporting tools that would parse
> the audit_log and display a summary report in some easily-viewed
> HTML-esque manner.
> 
> Searching this mailing list hasn't turned up anything useful, and the
> only thing I've found on Google is a script that parses the audit_log
> and inserts it into a mysql database... but doesn't actually do any
> reporting or analysis.
> 
> Any suggestions?

   I am not aware of any such tools. But I can tell you that I expect
   ModSecurity 2.x to have a built-in viewer. However, ModSecurity 2
   will be a complete rewrite so I can't tell you when it will be
   published. I hope to release the first version in May.

-- 
Ivan Ristic (http://www.modsecurity.org)