coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

How Can I get logs of /var/log/modsec_audit.log using docker compose #213

Closed git-SwitchBlade closed 4 months ago

git-SwitchBlade commented 4 months ago

I am running a basic file, but how can I mount the ModSecurity logs? I can't find them in the Docker container.

version: "3"
services:
  nginx-modsec:
    image: owasp/modsecurity-crs:3.3.4-nginx-alpine-202301110601@sha256:46c78b60dff1c3767782d147657ff1058f99b3e538eeb6149b1ccd76bf582a34
    ports:
      - "80:80"
    volumes:
      - ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
      - ./modsecurity.conf:/etc/modsecurity.d/modsecurity.conf:ro
      - ./log:/var/log/nginx

I am using the above docker compose file.

theseion commented 4 months ago

Audit logs aren't written to a file by default. You'll have to set the MODSEC_AUDIT_LOG variable to something like /var/log/nginx/modsec_audit.log. You already have a volume mount there, so the log file should appear in the log directory automatically.

git-SwitchBlade commented 4 months ago

I did set the variable for MODSEC_AUDIT_LOG in the docker-compose.yml file:

version: "3"

x-defaults: &default-settings
  environment:
    MODSEC_AUDIT_ENGINE=on
    MODSEC_AUDIT_LOG=/var/log/modsec_audit.log

services:
  nginx-modsec:
    build:
      context: .
    ports:
      - "80:80"
    volumes:
      - ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
      - ./modsecurity.conf:/etc/modsecurity.d/modsecurity.conf:ro
      - logs-mod:/var/log
volumes:
  logs-mod:

theseion commented 4 months ago

But now you're using a named volume... That way you won't have access to the logs from your host system.

git-SwitchBlade commented 4 months ago

Thanks for the help. Below is the docker file, for someone in the future:

version: "3"

services:
  nginx-modsec:
    build:
      context: .
    ports:
      - "80:80"
    environment:
      - MODSEC_AUDIT_ENGINE=on
      - MODSEC_AUDIT_LOG=/var/log/nginx/modsec_audit.log
    volumes:
      - ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
      - ./modsecurity.conf:/etc/modsecurity.d/modsecurity.conf:ro
      - ./log:/var/log/nginx
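
Added example, not part of the thread or the project's own code: a Python check for the failure modes discussed above (variable not set on the service, log path outside any mount, log path on a named volume) that reports where the audit log lands on the host. It assumes the service definition is already parsed into a dict (for instance with PyYAML's `yaml.safe_load`) and handles only the short `source:target[:mode]` volume syntax; the function names and sample dicts are constructed here.

```python
import posixpath

def _env(service):
    """Return the service environment as a dict (compose allows list or mapping)."""
    env = service.get("environment") or {}
    if isinstance(env, dict):
        return {k: str(v) for k, v in env.items()}
    return dict(item.split("=", 1) for item in env if "=" in item)

def _mounts(service):
    """Yield (source, target) for short-syntax entries 'source:target[:mode]'."""
    for entry in service.get("volumes") or []:
        if isinstance(entry, str) and ":" in entry:
            source, target = entry.split(":")[:2]
            yield source, posixpath.normpath(target)

def audit_log_on_host(service):
    """Return (host_path, reason); host_path is None if the host cannot see the log."""
    log = _env(service).get("MODSEC_AUDIT_LOG")
    if not log:
        return None, "MODSEC_AUDIT_LOG is not set on the service"
    log = posixpath.normpath(log)
    best = None  # most specific mount whose target contains the log path
    for source, target in _mounts(service):
        inside = log == target or log.startswith(target.rstrip("/") + "/")
        if inside and (best is None or len(target) > len(best[1])):
            best = (source, target)
    if best is None:
        return None, f"{log} is not under any mounted path"
    source, target = best
    # Simplification: a source starting with '.', '/' or '~' is a host path;
    # anything else is a named volume managed by Docker.
    if not source.startswith((".", "/", "~")):
        return None, f"{target} is backed by named volume '{source}'"
    rel = posixpath.relpath(log, target)
    return posixpath.normpath(posixpath.join(source, rel)), "bind mount"

# Constructed samples based on the compose files in this thread.
NAMED = {"environment": {"MODSEC_AUDIT_LOG": "/var/log/modsec_audit.log"},
         "volumes": ["logs-mod:/var/log"]}
FINAL = {"environment": ["MODSEC_AUDIT_ENGINE=on",
                         "MODSEC_AUDIT_LOG=/var/log/nginx/modsec_audit.log"],
         "volumes": ["./modsecurity.conf:/etc/modsecurity.d/modsecurity.conf:ro",
                     "./log:/var/log/nginx"]}

if __name__ == "__main__":
    for name, svc in (("named volume", NAMED), ("final", FINAL)):
        print(name, "->", audit_log_on_host(svc))
```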