Topic: How to integrate customlog and mod_security error log
Author: k38echo
Posted: Sun 08 Feb '15 14:26

I've set up Apache 2.2 and mod_security 2 on a CentOS 6 machine. As you know, mod_security produces its own kind of error log file, whose output is something like:

Code:
[Sun Feb 08 13:53:25 2015] [error] [client 192.168.22.90] ModSecurity:  [file "/etc/httpd/conf.d/mod_security2/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [hostname "192.168.110.13"] [uri "/favicon.ico"] [unique_id "VNc5HcCoFt0AACRCAkcAAAAD"]


I need this log plus several further parameters, which are: client port and IP, server port and IP, and user-agent info, which can easily be set to be written to another log file like this:

Code:
LogFormat "[Remote_Address \"%{REMOTE_ADDR}M\"] [Remote_Port \"%{REMOTE_PORT}M\"] [Server_Address       \"%{SERVER_ADDR}M\"] [Server_Port \"%{SERVER_PORT}M\"] [User_Agent \"%{User-agent}i\"]\n" custom-format-1
 
CustomLog logs/error-v.log custom-format-1



which returns:


Code:
[Remote_Address "192.168.22.90"] [Remote_Port "55025"] [Server_Address "192.168.110.13"] [Server_Port "8888"] [User_Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36"]


but the problem is that I want both these logs in the same file and I have tried to write both logs into the same file in Apache httpd.conf, but they are written into two separate lines (like a "\n" is used at the end of the mod_security error log), which for my particular use is unacceptable.

What should I do to get both logs in the same file and in a single line of text?

Author: Steffen (Moderator)
Posted: Sun 08 Feb '15 14:46

You also posted on the mod_security list, answer:


Hi there,

I do not think you can do that.

What you can do, however, is add the Unique-ID to the access log
and then correlate the stuff. Put it into a database if you want to,
or just set up your command line environment to do things transparently
for you.

Ahoj,

Christian
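
The correlation Christian describes, as an added example that is not part of the thread: a Python sketch that joins each ModSecurity error-log line to the CustomLog line carrying the same unique id and emits one line per event. It assumes the poster's LogFormat is extended to start with `[Unique_Id \"%{UNIQUE_ID}e\"]` (mod_unique_id loaded); the function names and sample lines are constructed for illustration.

```python
import re

# Constructed sample input. ERROR_LOG is shortened from the ModSecurity line in the post.
# ACCESS_LOG assumes the poster's LogFormat starts with an added
# [Unique_Id \"%{UNIQUE_ID}e\"] field (needs mod_unique_id); the post's format lacks it.
ERROR_LOG = [
    '[Sun Feb 08 13:53:25 2015] [error] [client 192.168.22.90] ModSecurity:  [id "960032"] '
    '[msg "Method is not allowed by policy"] Access denied with code 403 (phase 1). '
    '[hostname "192.168.110.13"] [uri "/favicon.ico"] [unique_id "VNc5HcCoFt0AACRCAkcAAAAD"]\n',
    '[Sun Feb 08 13:53:26 2015] [error] [client 192.168.22.90] File does not exist: /var/www/html/x\n',
]
ACCESS_LOG = [
    '[Unique_Id "VNc5HcCoFt0AACRCAkcAAAAD"] [Remote_Address "192.168.22.90"] '
    '[Remote_Port "55025"] [Server_Address "192.168.110.13"] [Server_Port "8888"] '
    '[User_Agent "Mozilla/5.0 (X11; Linux x86_64)"]\n',
    '[Unique_Id "VNc5HsCoFt0AACRDA0gAAAAE"] [Remote_Address "192.168.22.91"] '
    '[Remote_Port "40112"] [Server_Address "192.168.110.13"] [Server_Port "8888"] '
    '[User_Agent "curl/7.19.7"]\n',
]

ID = r'([A-Za-z0-9@-]+)'  # alphabet used by mod_unique_id
# Anchor each key at the position the server writes it, so text inside
# request-derived fields (uri, User-Agent) is never read as the id.
ERR_ID = re.compile(r'\[unique_id "' + ID + r'"\]\s*$')
ACC_ID = re.compile(r'^\[Unique_Id "' + ID + r'"\] ')

def index_access(lines):
    """Map unique id -> remaining access-log fields (id field and newline removed)."""
    index = {}
    for line in lines:
        m = ACC_ID.match(line)
        if m:
            index[m.group(1)] = line[m.end():].rstrip("\r\n")
    return index

def merge(error_lines, access_lines):
    """Return one line per error-log entry, with the matching access fields appended."""
    index = index_access(access_lines)
    merged = []
    for line in error_lines:
        line = line.rstrip("\r\n")
        m = ERR_ID.search(line)
        extra = index.get(m.group(1)) if m else None
        merged.append(f"{line} {extra}" if extra else line)
    return merged

if __name__ == "__main__":
    print("\n".join(merge(ERROR_LOG, ACCESS_LOG)))
```

Error-log lines without a unique id (ordinary Apache errors) pass through unchanged, and several ModSecurity lines for the same request each get the same access fields appended.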