logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: How to integrate customlog and mod_security error log
Author
k38echo



Joined: 08 Feb 2015
Posts: 1

PostPosted: Sun 08 Feb '15 14:26    Post subject: How to integrate customlog and mod_security error log Reply with quote

I've set up apache 2.2 and mod_security 2 on a centos 6 machine. As you know mod_security produces it's own kind of error log file which it's output is something like :

Code:
[Sun Feb 08 13:53:25 2015] [error] [client 192.168.22.90] ModSecurity:  [file "/etc/httpd/conf.d/mod_security2/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [hostname "192.168.110.13"] [uri "/favicon.ico"] [unique_id "VNc5HcCoFt0AACRCAkcAAAAD"]


I need this log plus several further parameters which are : Client port and ip, server port and ip and user-agent info which can be easily set to be written in another log file like this:

Code:
LogFormat "[Remote_Address \"%{REMOTE_ADDR}M\"] [Remote_Port \"%{REMOTE_PORT}M\"] [Server_Address       \"%{SERVER_ADDR}M\"] [Server_Port \"%{SERVER_PORT}M\"] [User_Agent \"%{User-agent}i\"]\n" custom-format-1
 
CustomLog logs/error-v.log custom-format-1



which returns :


Code:
[Remote_Address "192.168.22.90"] [Remote_Port "55025"] [Server_Address "192.168.110.13"] [Server_Port "8888"] [User_Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36"]


but the problem is that I want both these logs in the same file and I have tried to write both logs into the same file in apache httpd.conf but they are written into two separate lines (like a ā€œ\nā€ is used in the end of mod_security error log) which for my particular use is unacceptable.

What should I do to get both logs in the same file and in a single line of text.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Sun 08 Feb '15 14:46    Post subject: Reply with quote

You also posted on the mod_security list, answer:


Hi there,

I do not think you can do that.

What you can do however, is adding the Unique-ID to the access-log
and then correlate it the stuff. Put it into a database if you want to
or just setup your command line environment to do things transparently
for you.

Ahoj,

Christian
Back to top


Reply to topic   Topic: How to integrate customlog and mod_security error log View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules