modsec blocks not reported in error_log

Discussion in 'Install/Configuration' started by wanah, Aug 3, 2014.

  1. wanah

    wanah Member

    Hello,

    I've configured mod security to block bruteforces on Joomla and on Wordpress, and it is filling up nicely /usr/local/apache/logs/modsec_audit.log but this is the detailed log format.

    I want to detect modsec blockages and block them with CSF.

    CSF needs theses errors to e stored in a single line "error" message format.

    How can I make litespeed report these errors in the error_log file ?
  2. wanah

    wanah Member

    Hello,

    Sorry to up this but I haven't been able to find out how to tell litespeed to add a line to the error_log file when attacks are blocked by litespee's mod_security. I'm thinking about installing Comodo WAF and just enabeling the brute force rules but before this I need to be able to block IP's with CSF based on mod security lines in the error_log that I'm not getting.

    Could you please ask your dev's if this is normal ? and how to fix it ?

    Thanks
  3. mistwang

    mistwang LiteSpeed Staff

    You need to change the log level to "NOTICE", those messages are logged at that level.
  4. wanah

    wanah Member

    That will be alot of logging to just be able to block modsecurity ip's. Any chance of add something in afuture release to be able to set just mod security to notice and not everything else ? Or maybe je be able to specify that the audit logging is single line ?

Share This Page