ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

[Idea] Add variable support for SecAuditLog

Open Xakiadalisabad opened this issue 1 year ago • 3 comments

I would like to provide a log file separately for each user and their website. Is there a chance to do this using variables SecAuditLog?

Xakiadalisabad avatar Apr 25 '24 21:04 Xakiadalisabad

Hi @Xakiadalisabad,

have you tried to put the directive into the vhost context where you want to have an own audit.log?

You didn't mention what version you use. If you use Apache, you can do:

<VirtualHost *:80>

    ...
    SecAuditLog /var/log/nginx/other-vhost-modsec_audit.log
    ...

</VirtualHost>

If you use libmodsecurity3 and Nginx, you can try:

server {
    ...
    modsecurity_rules '
        SecAuditLog /var/log/nginx/other-vhost-modsec_audit.log
    ';

}

airween avatar Apr 26 '24 08:04 airween

If you use Apache, you can automate things with mod_macro, like <Macro VHostName $name> ServerName $name SecAuditLog /var/log/httpd/audit_$name.log [...] </Macro>

marcstern avatar Apr 30 '24 15:04 marcstern