owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

Problem with logfile's name #3084

Open sivsoft opened 3 months ago

sivsoft commented 3 months ago

I have the latest version of ModSecurity (but with the previous version there was the same problem). In the config file /etc/nginx/modsec/modsecurity.conf I have:

SecAuditLogType Serial
SecAuditLog /var/log/modsec/modsec_audit.log

This file is created, but it has zero size, and ModSecurity continuously writes to a file named in the format: modsec_audit.log-YYYYMMDD

Please help me. What could be the problem? How can I fix it?

airween commented 3 months ago

Hi @sivsoft,

Thanks for reporting. It seems that you use libmodsecurity3, but some other information is needed to reproduce the issue.

Please take a look at our issue template, and fill in as many items as you can.

Especially it would be important to know the settings of these options:

SecRuleEngine
SecAuditEngine
SecAuditLogRelevantStatus
SecAuditLogParts

besides the ones mentioned above.

These control what is sent to audit.log and when.

sivsoft commented 2 months ago

Sorry it took me so long to respond... I was sick. Here are my system and settings:

CentOS 7
Modsecurity 3.0.11
ModSecurity-nginx (owasp-modsecurity) 1.0.3
nginx 1.25.3
#SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
SecAuditLogParts ABIDFGHZ

Based on the logs, I don't know what to say. There is nothing in the logs. The log just starts being written to another file, or rather the name is the same, but with the addition of the date at the end.

airween commented 2 months ago

Could you provide some example of how you test your WAF? E.g. a curl request...

airween commented 2 months ago

@sivsoft ping.
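
How the SecAuditEngine and SecAuditLogRelevantStatus values posted in this thread decide whether a test request leaves an audit entry, as an added example that is not part of the issue thread and not ModSecurity's own code. It models the RelevantOnly behaviour described in the reference manual and assumes the status code is matched as a decimal string with a regex search; the function names and sample transactions are constructed.

```python
import re

# Values copied from the settings posted in the thread.
AUDIT_ENGINE = "RelevantOnly"
RELEVANT_STATUS = r"^(?:5|4\d[^4])"


def audit_logged(status, rule_alerted, engine=AUDIT_ENGINE, relevant=RELEVANT_STATUS):
    """Model of the SecAuditEngine decision (hypothetical helper).

    Assumption: the status is matched as a decimal string with a regex search.
    """
    if engine == "Off":
        return False
    if engine == "On":
        return True
    # RelevantOnly: a rule raised a warning/error, or the status is "relevant".
    return rule_alerted or re.search(relevant, str(status)) is not None


def unlogged_statuses(statuses, **kw):
    """Statuses that leave no audit entry when no rule alerts on the request."""
    return [s for s in statuses if not audit_logged(s, rule_alerted=False, **kw)]


# Constructed sample transactions: (description, status, rule alerted?)
SAMPLES = [
    ("normal page", 200, False),
    ("missing page", 404, False),
    ("forbidden by nginx", 403, False),
    ("upstream failure", 502, False),
    ("request blocked by a rule", 403, True),
    ("rule alerted, request passed", 200, True),
]

if __name__ == "__main__":
    for desc, status, alerted in SAMPLES:
        print(f"{status} {desc:30} logged={audit_logged(status, alerted)}")
    # The [^4] in the posted pattern excludes every 4x4 code, not only 404.
    print("4xx not logged on status alone:", unlogged_statuses(range(400, 500)))
```

Under this model, a test request that returns 200 or 404 without triggering a rule produces no audit entry, which is why the exact test request matters when the audit log looks empty.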