Posted to users@httpd.apache.org by Kianoosh Kashefi <38...@gmail.com> on 2015/02/08 13:29:20 UTC

[users@httpd] Integrating Apache customlog with mod_security errorlog

I've set up Apache 2.2 and mod_security 2 on a CentOS 6 machine. As
you know, mod_security produces its own kind of error log file, the
output of which is something like:

[Sun Feb 08 13:53:25 2015] [error] [client 192.168.22.90] ModSecurity:
 [file "/etc/httpd/conf.d/mod_security2/base_rules/modsecurity_crs_30_http_policy.conf"]
[line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by
policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"]
[maturity "9"] [accuracy "9"] [tag
"OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag
"OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] Access
denied with code 403 (phase 1). Match of "within
%{tx.allowed_methods}" against "REQUEST_METHOD" required. [hostname
"192.168.110.13"] [uri "/favicon.ico"] [unique_id
"VNc5HcCoFt0AACRCAkcAAAAD"]

I need this log plus several further parameters, which are: client
port and IP, server port and IP, and user-agent info, which can
easily be set to be written to another log file like this:

LogFormat "[Remote_Address \"%{REMOTE_ADDR}M\"] [Remote_Port \"%{REMOTE_PORT}M\"] [Server_Address \"%{SERVER_ADDR}M\"] [Server_Port \"%{SERVER_PORT}M\"] [User_Agent \"%{User-agent}i\"]\n" custom-format-1

CustomLog logs/error-v.log custom-format-1

which returns:

[Remote_Address "192.168.22.90"] [Remote_Port "55025"] [Server_Address
"192.168.110.13"] [Server_Port "8888"] [User_Agent "Mozilla/5.0 (X11;
Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/40.0.2214.93 Safari/537.36"]

But the problem is that I want both these logs in the same file, and I
have tried to write both logs into the same file in Apache httpd.conf,
but they are written on two separate lines (as if a "\n" were used at
the end of the mod_security error log), which for my particular use is
unacceptable.

What should I do to get both logs in the same file and in a single line of text?
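
One way to get single-line records is to join the two logs offline. The following is an added example, not part of the original post and not Apache or ModSecurity code. It assumes the CustomLog format is extended with a `[unique_id \"%{UNIQUE_ID}e\"]` field (the mod_unique_id request ID, which the format in the post does not include) so that each line can be matched to the ModSecurity line for the same request; `parse_fields` and `merge_logs` are hypothetical names.

```python
import re

# One [key "value"] pair. Apache's access log writes a quote inside a %{...}i
# value as \", so escapes are consumed as part of the value and a crafted
# User-Agent cannot close the field early and forge a second field.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_fields(line):
    """Return {key: value}; repeated keys (e.g. "tag") collect into a list."""
    fields = {}
    for key, value in FIELD.findall(line):
        if key in fields:
            prev = fields[key]
            fields[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            fields[key] = value
    return fields

def merge_logs(modsec_lines, custom_lines):
    """Append the CustomLog fields to the ModSecurity line with the same unique_id."""
    extra = {}
    for line in custom_lines:
        uid = parse_fields(line).get("unique_id")
        if isinstance(uid, str):  # skip lines with no id or an ambiguous one
            extra[uid] = " ".join(m.group(0) for m in FIELD.finditer(line)
                                  if m.group(1) != "unique_id")
    merged = []
    for line in modsec_lines:
        uid = parse_fields(line).get("unique_id")
        suffix = extra.get(uid) if isinstance(uid, str) else None
        merged.append(line.rstrip("\n") + (" " + suffix if suffix else ""))
    return merged

# Constructed sample input, abbreviated from the lines quoted in the post.
# ASSUMPTION: the CustomLog line also carries [unique_id "..."].
MODSEC = ('[Sun Feb 08 13:53:25 2015] [error] [client 192.168.22.90] ModSecurity: '
          '[id "960032"] [msg "Method is not allowed by policy"] '
          '[tag "WASCTC/WASC-15"] [tag "PCI/12.1"] [uri "/favicon.ico"] '
          '[unique_id "VNc5HcCoFt0AACRCAkcAAAAD"]\n')
CUSTOM = ('[Remote_Address "192.168.22.90"] [Remote_Port "55025"] '
          '[Server_Port "8888"] [User_Agent "Mozilla/5.0 (X11; Linux x86_64)"] '
          '[unique_id "VNc5HcCoFt0AACRCAkcAAAAD"]\n')

if __name__ == "__main__":
    for record in merge_logs([MODSEC], [CUSTOM]):
        print(record)
```

ModSecurity lines with no matching CustomLog entry pass through unchanged, so no alert is lost when the join fails.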
