Open sivsoft opened 3 months ago
Hi @sivsoft,
thanks for reporting. It seems that you use libmodsecurity3, but some other information need to reproduce the issue.
Please take a look to our issue template, and fill as many item as you can.
Especially it would be important to know the settings of these options:
SecRuleEngine
SecAuditEngine
SecAuditLogRelevantStatus
SecAuditLogParts
beside the mentioned ones above.
These control what and when will sent to audit.log.
Sorry it took me so long to respond... I was sick Here is my system and settings
CentOS 7
Modsecurity 3.0.11
ModSecurity-nginx (owasp-modsecurity) 1.0.3
nginx 1.25.3
#SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
SecAuditLogParts ABIDFGHZ
Based on the logs, I don’t know what to say. There is nothing in the logs. The log just starts being written to another file, or rather the name is the same, but with the addition of the date in end.
Could you provide some example how do you test your WAF? Eg. a curl
request...
@sivsoft ping.
I have last version Modsecurity (but with previous version was same problem). In configfile /etc/nginx/modsec/modsecurity.conf i have: SecAuditLogType Serial SecAuditLog /var/log/modsec/modsec_audit.log This file is created, but he have zero size and modsec contineuos write in file in format: modsec_audit.log-YYYYMMDD
Please help me. What could be the problem? How fix it?