ModSecurity

Is it possible to change the SecAuditLogStorageDir variable so that the logs are sorted by vhost?

Open vukitoso opened this issue 1 year ago • 0 comments

Hello.

I have libapache2-mod-security2 2.9.7-1 installed on Debian 12. In the configuration file /etc/modsecurity/modsecurity.conf, the default is SecAuditLogStorageDir = /opt/modsecurity/var/audit, and all logs are written together, regardless of vhost. Is it possible to sort by vhost?

/opt/modsecurity/var/audit/site1.com/
/opt/modsecurity/var/audit/site2.com/

...

Then, as an option to expand the functionality, you can add variables:

$vhost
$year
$month
$day
$hour
$minute
$second
$id - some kind of unique identifier that is added to the end of the log name

so that you can create different options for log storage paths:

/opt/modsecurity/var/audit/$vhost/$year-$month-$day/$hour-$minute-$second-$ID.log
/opt/modsecurity/var/audit/site.com/2024-03-31/11-51-03-ZgkZYEAFt1ApFkqHlmHjUgAAAAE.log

or

/opt/modsecurity/var/audit/$vhost/$year-$month/$day/$hour-$minute-$second-$ID.log
/opt/modsecurity/var/audit/site.com/2024-03/31/11-51-03-ZgkZYEAFt1ApFkqHlmHjUgAAAAE.log

Thx.

vukitoso, Mar 31 '24 15:03
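
The first layout proposed in the issue can be computed outside ModSecurity from an audit entry's own contents. This is an added example, not code from the issue or from the ModSecurity project. It assumes the native 2.x audit log format (section A carrying timestamp and unique ID, section B carrying the request headers); the function names, the `known_vhosts` allowlist and the `_unknown` fallback directory are hypothetical, and the sample entry is constructed.

```python
import re
from datetime import datetime
from pathlib import PurePosixPath

BASE = PurePosixPath("/opt/modsecurity/var/audit")
BOUNDARY = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$")
# Section A: [timestamp] unique_id src_ip src_port dst_ip dst_port
A_LINE = re.compile(r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})(?:\.\d+)? [+-]\d{4}\] (\S+) ")
SAFE_ID = re.compile(r"^[A-Za-z0-9@_-]+$")  # the id becomes part of a file name

# Constructed sample entry (not taken from a real log).
SAMPLE = """--5a70c866-A--
[31/Mar/2024:11:51:03 +0000] ZgkZYEAFt1ApFkqHlmHjUgAAAAE 203.0.113.5 51234 192.0.2.10 443
--5a70c866-B--
GET /index.html HTTP/1.1
Host: site.com:443
User-Agent: curl/8.0

--5a70c866-Z--
"""

def sections(entry):
    # Split one audit entry into {section letter: [lines]}.
    out, cur = {}, None
    for line in entry.splitlines():
        m = BOUNDARY.match(line)
        if m:
            cur = out.setdefault(m.group(1), [])
        elif cur is not None:
            cur.append(line)
    return out

def vhost_of(request_lines, known_vhosts):
    """Host is client-supplied, so only configured names become directories."""
    for line in request_lines[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().split(":")[0]  # drop any port
            return host if host in known_vhosts else "_unknown"
    return "_unknown"

def target_path(entry, known_vhosts, base=BASE):
    """Path in the issue's $vhost/$year-$month-$day/$hour-$minute-$second-$ID.log form."""
    s = sections(entry)
    m = A_LINE.match(s["A"][0]) if s.get("A") else None
    if not m or not SAFE_ID.match(m.group(2)):
        raise ValueError("malformed section A")
    ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
    vhost = vhost_of(s.get("B", []), known_vhosts)
    return base / vhost / f"{ts:%Y-%m-%d}" / f"{ts:%H-%M-%S}-{m.group(2)}.log"
```

Because the Host header comes from the client, the directory name is taken from the allowlist rather than from the header text itself, so an unexpected value cannot create or escape directories under the storage path.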