Closed git-SwitchBlade closed 4 months ago
Audit logs aren't written to a file by default. You'll have to set the MODSEC_AUDIT_LOG
variable to something like /var/log/nginx/modsec_audit.log
. you already have a volume mount there, so the log file should appear in the log
directory automatically.
I did set variable for MODSEC_AUDIT_LOG in docker-compose.yml file
version: "3"
x-defaults: &default-settings
environment:
MODSEC_AUDIT_ENGINE=on
MODSEC_AUDIT_LOG=/var/log/modsec_audit.log
services:
nginx-modsec:
build:
context: .
ports:
- "80:80"
volumes:
- ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
- ./modsecurity.conf:/etc/modsecurity.d/modsecurity.conf:ro
- logs-mod:/var/log
volumes:
logs-mod:
But now you're using a named volume... That way you won't have access to the logs from your host system.
Thanks for the help, Below is the docker file, for someone is furture
version: "3"
services:
nginx-modsec:
build:
context: .
ports:
- "80:80"
environment:
- MODSEC_AUDIT_ENGINE=on
- MODSEC_AUDIT_LOG=/var/log/nginx/modsec_audit.log
volumes:
- ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
- ./modsecurity.conf:/etc/modsecurity.d/modsecurity.conf:ro
- ./log:/var/log/nginx
I am running a basic file, but how can I mount modsecurity logs, I can't find them in docker container.
I am using the above docker compose file.