airween
commented
6 months ago Hi @vukitoso,
I can consider this is a feature request.
Beside you sent requests like this, please keep it mind that this module is not ready for production.
Open vukitoso opened 6 months ago
airween
commented
6 months ago Hi @vukitoso,
I can consider this is a feature request.
Beside you sent requests like this, please keep it mind that this module is not ready for production.
vukitoso
commented
6 months ago Then, as an option to expand the functionality, you can add variables: $vhost $year $month $day $hour $minute $second $ID - some kind of unique identifier that is added to the end of the log name
so that you can create different options for log storage paths: /opt/modsecurity/var/audit/$vhost/$year-$month-$day/$hour-$minute-$second-$ID.log /opt/modsecurity/var/audit/site.com/2024-03-31/11-51-03-ZgkZYEAFt1ApFkqHlmHjUgAAAAE.log or /opt/modsecurity/var/audit/$vhost/$year-$month/$day/$hour-$minute-$second-$ID.log /opt/modsecurity/var/audit/site.com/2024-03/31/11-51-03-ZgkZYEAFt1ApFkqHlmHjUgAAAAE.log
vukitoso
commented
6 months ago Beside you sent requests like this, please keep it mind that this module is not ready for production.
I have the package "libapache2-mod-security2" installed on debian 12. This module is built from https://github.com/owasp-modsecurity/ModSecurity-apache?
airween
commented
6 months ago This module is built from https://github.com/owasp-modsecurity/ModSecurity-apache?
No. This module is built from https://github.com/owasp-modsecurity/ModSecurity, but from the branch v2/master.
vukitoso
commented
6 months ago Thank you, that means I wrote in the wrong place. Sorry.
Hello. Default SecAuditLogStorageDir = /opt/modsecurity/var/audit and all logs are written together, regardless of vhost. Is it possible to sort by vhost?
/opt/modsecurity/var/audit/site1.com/ /opt/modsecurity/var/audit/site2.com/ ...
Thx.