Feature Request : Seperate ModSec Error log File

[vivek]

mistwang, Thank you for fixing mod_security problem

I have a request.

I know that when mod_sec encounted,litespeed will save log to error.log file

But I would like to see the [SECURITY] log only.

Any idea to seperate the modsec log ?

Thanks
Vivek

 

[mistwang]

We are going to create the audit log as Apache's.

 

[ffeingol]

I "think" what Vivek is looking for is for this to work with CSF. Besides putting it in it's own load, it needs to use the exact same format/layout as the mod_security audit log.

Frank

 

[mistwang]

We will try.

 

[vivek]

I "think" what Vivek is looking for is for this to work with CSF. Besides putting it in it's own load, it needs to use the exact same format/layout as the mod_security audit log.

Frank

Actually I am very much impressed with Apache+ Mod_security+ CSF

But LiteSpeed + Mod_sec + CSF cant work together.

CSF cant read litespeed's log , that is the reason. It will be great if litespeed write logs as apache's format .

Otherwise why dont litespeed write modsecurity error as seperate file and that file should be like apache's log file, so that I can change the location of modsec log file in CSF and thus, lwsw+modsec+csf will work great .

 

[vivek]

Any update on this ?

 

[mistwang]

The latest 3.3.5 release package comes with this change. It will may CSF happy, but it is not full clone of mod_security audit log though.

 

[vivek]

I have 3.3.5 installed. Should I update the installation ?
Do you mean , CSF can detect modsec log from error.log ??

Thanks

 

[mistwang]

No, a dedicate mod_security audit log will be created, and the log entry in it should make CSF happy.

Yes, you need to download 3.3.5 again.

 

[vivek]

No, a dedicate mod_security audit log will be created, and the log entry in it should make CSF happy.

Yes, you need to download 3.3.5 again.

Thank you
After downloading the package, should I select Upgrade option?
Save current configuration or uninstall all and then reinstall again ?

 

[vivek]

Oh! Its great! I reinstalled litespeed and it can now work with CSF!!
This is a great news!

Thank you very much
Vivek

 

[mistwang]

Just upgrade.