Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: ModSecurity Console can't find any logs? |
|
| Author |
|
raffe
Joined: 20 Dec 2005
Posts: 15
|
 Posted: Thu 04 Sep '08 14:44 Post subject: ModSecurity Console can't find any logs? |
 |
|
I did this:
1. Installed latest mod_security, and it's working OK
2. I install lates Java from Sun
3. Download ModSecurity Console RPM http://www.modsecurity.org/projects/console/ from bsn.breach.com = modsecurity-console_1_0_5_linux.rpm
4. I install the RPM
5. I go to /opt/modsecurity-console and run ./modsecurity-console
6. I can successfully surf to https://localhost:8888
The problem is that ModSecurity Console don't seem to find anything (and I cant find any docs?) I tried to use this in a URL:
| Quote: | | http://localhost/login.php?user=tom';DELETE%20FROM%20users |
Mod_security finds it and logs it, but nothing shows in ModSecurity Console. In opt/modsecurity-console/etc/console.conf I had this:
| Code: | ActivityLog ${logsDir}/activity.log
DebugLog ${logsDir}/debug.log |
And I tried also this (where the mod_security logs are):
| Code: | ActivityLog /var/log/httpd/modsec_audit.log
DebugLog /var/log/httpd/modsec_debug.log |
This is the whole console.conf
| Code: | LoadModule com.thinkingstone.juggler.components.ChronosModule
Property homeDir "${CURRENT_WORKING_DIRECTORY}"
Property templatesDir "${homeDir}/templates"
Property CURRENT_WORKING_DIRECTORY "/opt/modsecurity-console"
Property dataDir "${homeDir}/var/data"
Property logsDir "${homeDir}/var/logs"
ActivityLog /var/log/httpd/modsec_audit.log
DebugLog /var/log/httpd/modsec_debug.log
<Cloud main>
<Service derby com.thinkingstone.juggler.components.DerbyServer>
Property port "1527"
Property username ""
Property host "localhost"
Property startNetworkServer "false"
Property password ""
</Service>
<Service connectionPool com.thinkingstone.juggler.components.JdbcConnectionPool>
Property jdbcUri "jdbc:derby:consoleDb;create=true"
Property jdbcDriver "org.apache.derby.jdbc.EmbeddedDriver"
</Service>
<Source console com.thinkingstone.console.ConsoleComponent>
Property port "8888"
Property emailReportSendSeverity "7"
Property protocol "https"
Property emailReportSSL "false"
Property emailReportEmailSender "test@none.com"
Property nonRelevantTransactionsKeepDays "365"
Property emailReportPassword ""
Property emailReportTemplate "email-report-template"
Property password "password"
Property emailReportMaximalStaleSeverity "0"
Property relevantTransactionsKeepDays "365"
Property emailReportUsername ""
Property emailReportSendNoAlert "true"
Property keypassword "password"
Property emailReportInterval "15"
Property keystore "keystore"
Property emailReportSend "false"
Property emailReportEmailRecipients "test@none.com"
Property emailReportSendNoNewAlerts "true"
Property emailReportEmailSubject "ModSecurity Console Report"
Property emailReportHostname "smtp.test.com"
Property jdbcUri "jdbc:apache:commons:dbcp:connectionPool"
Property staleAlertInterval "86400"
Property emailReportPort "25"
ScheduleMethod "*/10" "archiveStaleNonStarredAlerts 86400"
ScheduleMethod "*/1" "archiveStatistics"
ScheduleMethod "*/1 * * *" "createReport html"
ScheduleMethod "0 6 * * *" "deleteTransactions"
ScheduleMethod "0 7 * * *" "createScheduledReports"
</Source>
<Sink logger com.thinkingstone.juggler.components.ConsumeAllEventsSink>
</Sink>
</Cloud>
<Cloud juggler>
<Service remoteControl com.thinkingstone.juggler.components.XmlRpcRemoteControlService>
Property port "8887"
Property adminNetwork "127.0.0.1"
Property password "relgguj"
</Service>
<Service scheduler com.thinkingstone.juggler.components.ChronosService>
</Service>
</Cloud> |
Any ideas?
PS: It should look something like this: http://c.fsdn.com/fm/screenshots/60590.png
(The image is from http://freshmeat.net/projects/modsecurity-console/?branch_id=65270&release_id=275815 )
But it looks like this: http://i33.tinypic.com/fjgq47.jpg |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 05 Sep '08 21:40 Post subject: |
|
|
Try to replace the ${} variables with real pathes. Just btw. this is a windows apache forum 
I'd like to test that, but I don't want to register at breach.com and I don't know if there is a windows version for me ^^ |
|
| Back to top |
|
raffe
Joined: 20 Dec 2005
Posts: 15
|
| Posted: Sat 06 Sep '08 15:28 Post subject: |
|
|
Oh, yeah, sorry. Forgot about this was only Windows  (I use both)
But there is also one for Windows (have not tried it):
| Quote: | | modsecurity-console_1_0_5_windows.exe 07-May-2008 05:36 10121 K |
I will try your suggestions (I tried to replace, but will try some more ) |
|
| Back to top |
|
Bruce Benson
Joined: 15 Aug 2009
Posts: 2
Location: Champaign, IL, USA
|
| Posted: Mon 07 Sep '09 17:13 Post subject: Modsecurity console does not see any data |
|
|
I have the same issue, modsecurity console does not see my data. Apache error log shows modsecurity reports.
I suspect it is something simple, but I've now looked at it on and off for hours.
Anyone know any typical reasons why this would happen?
Thanks
Bruce |
|
| Back to top |
|
|
|
|
|
|
