mod_security SecAuditLog

In my previous post I didn’t mention how to turn on the audit log. Without further explanation, put the following in your config:


SecAuditEngine RelevantOnly
SecAuditLogType serial
SecAuditLogParts ABCFHZ

In the previous post we already set SecAuditLog to /var/log/modsecurity/SecAuditLog/modsec_audit.log. That file has to be writable by the web server user (www-data on Ubuntu/Debian). After a reload, you should start seeing entries when mod_security denies a request.
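To confirm that entries are arriving and see what each one recorded, the serial log can be split on its part boundaries (A, B, C, F, H and Z, as selected by SecAuditLogParts above). This is an added example, not code from the original post; the function names, the sample entry, its addresses and the rule id 900001 are constructed for illustration.

```python
import re
# Serial-format boundary lines look like "--<id>-<part letter>--".
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
# Part A: [timestamp] unique_id source_ip source_port dest_ip dest_port
HEADER = re.compile(r"^\[([^\]]+)\] (\S+) (\S+) (\d+) (\S+) (\d+)$")

def parse_serial_audit_log(text):
    """Split a serial-type audit log into one {part letter: text} dict per entry."""
    entries, parts, boundary, letter = [], None, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and parts is None and m.group(2) == "A":   # part A opens an entry
            boundary, letter, parts = m.group(1), "A", {"A": []}
        elif m and parts is not None and m.group(1) == boundary:
            letter = m.group(2)
            if letter == "Z":                            # part Z closes it
                entries.append({k: "\n".join(v).strip() for k, v in parts.items()})
                parts = None
            else:
                parts[letter] = []
        elif parts is not None:
            parts[letter].append(line)                   # content of current part
    return entries

def summarize(entry):
    """Pull out who was blocked, what they asked for, and which rule fired."""
    a = HEADER.match(entry["A"])
    f = entry.get("F", "")
    return {
        "time": a.group(1), "unique_id": a.group(2), "client": a.group(3),
        "request": entry.get("B", "").split("\n", 1)[0],
        "status": f.split(" ")[1] if f else None,
        "rule_ids": re.findall(r'\[id "(\d+)"\]', entry.get("H", "")),
    }

# Constructed sample entry (not taken from a real server).
SAMPLE = """--5f2a9c1e-A--
[10/Mar/2012:14:02:11 +0000] T1tQSn8AAAEAAB6cAkYAAAAB 192.0.2.15 40112 192.0.2.80 80
--5f2a9c1e-B--
GET /index.php?id=1 HTTP/1.1
Host: www.example.test

--5f2a9c1e-F--
HTTP/1.1 403 Forbidden

--5f2a9c1e-H--
Message: Access denied with code 403 (phase 2). [id "900001"] [msg "constructed rule"]

--5f2a9c1e-Z--
"""
```

Boundaries are matched against the id from part A, so a request body in part C that happens to contain a boundary-shaped line with a different id does not split the entry.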

I’m going to modify the SecAuditLogType setting in a future post so we can enable the console.
