Jackson Cremean

I can also confirm the memory leak on reload still exists. personally, I've found the memory leak size is based on the number of ``modsecurity on;`` and ``modsecurity_rules_file /path/to/example.conf;`` directives...

@martinhsv Awesome, at least you are aware of it now. I'm happy to test any PRs that may fix this issue.

@martinhsv I'm running the latest version of both modsec and the connector, my ModSecurity is compiled with pcre2 and pcre-jit for the nginx connector. I'm using nginx 1.24.0 on ubuntu...

at least for me ionotify is working fine, yet disabling it only mostly fixes the issue. ``` Establishing watches... Total of 1 watches. Finished establishing watches, now collecting statistics. Will...

@LaurenceJJones I'm not sure what to look for, so let me know if you are missing some specific logs. I didn't remove the MAC address from the last log line,...

@WhyAydan Thank you for providing these, I didn't have the time to run a packet capture.

@LaurenceJJones I'll add it if I can reproduce the FP.

@LaurenceJJones I was only able to reproduce one of them. I have the ``cscli alerts inspect -d`` output for the other is that fine?

@LaurenceJJones I've just encountered the false positive myself, I've added some logs to the test. I've fixed a new FP with Nextcloud 28 and newer as well.

What is CrowdSec planning with AppArmor intergration, is this meant to be another scenario for Auditd to detect local exploitation? If so, I'd like to just say that I'm interested...