ModSecurity-apache

Is it possible to change the SecAuditLogStorageDir variable so that the logs are sorted by vhost?

Open vukitoso opened this issue 1 year ago • 5 comments

Hello. Default SecAuditLogStorageDir = /opt/modsecurity/var/audit and all logs are written together, regardless of vhost. Is it possible to sort by vhost?

/opt/modsecurity/var/audit/site1.com/
/opt/modsecurity/var/audit/site2.com/
...

Thx.

vukitoso avatar Mar 31 '24 08:03 vukitoso

Hi @vukitoso,

I can consider this a feature request.

Beside you sent requests like this, please keep in mind that this module is not ready for production.

airween avatar Mar 31 '24 08:03 airween

Then, as an option to expand the functionality, you can add variables: $vhost $year $month $day $hour $minute $second $ID - some kind of unique identifier that is added to the end of the log name

so that you can create different options for log storage paths:

/opt/modsecurity/var/audit/$vhost/$year-$month-$day/$hour-$minute-$second-$ID.log
/opt/modsecurity/var/audit/site.com/2024-03-31/11-51-03-ZgkZYEAFt1ApFkqHlmHjUgAAAAE.log

or

/opt/modsecurity/var/audit/$vhost/$year-$month/$day/$hour-$minute-$second-$ID.log
/opt/modsecurity/var/audit/site.com/2024-03/31/11-51-03-ZgkZYEAFt1ApFkqHlmHjUgAAAAE.log

vukitoso avatar Mar 31 '24 10:03 vukitoso
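
The path template proposed in the comment above, as an added Python sketch that is not part of the thread and not a ModSecurity feature. It assumes the `$vhost` value may originate from the request's Host header and the `$ID` alphabet shown in the code, so both are validated before they become path components; the function and constant names are hypothetical.

```python
import re
from datetime import datetime
from pathlib import PurePosixPath
from string import Template

# Variable names are the ones proposed in the comment above; hypothetical, not a directive.
PATTERN = "$vhost/$year-$month-$day/$hour-$minute-$second-$ID.log"

LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
ID_RE = re.compile(r"[A-Za-z0-9@_-]{1,64}")  # assumed ID alphabet


def audit_log_path(base, vhost, when, unique_id, pattern=PATTERN):
    """Expand pattern below base, rejecting values that could escape it."""
    # Assumption: vhost may come from the Host header, so treat it as untrusted.
    host = re.sub(r":\d+$", "", vhost.strip().lower()).rstrip(".")
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        raise ValueError(f"unsafe vhost: {vhost!r}")
    if not ID_RE.fullmatch(unique_id):
        raise ValueError(f"unsafe ID: {unique_id!r}")
    fields = {
        "vhost": host,
        "year": f"{when:%Y}", "month": f"{when:%m}", "day": f"{when:%d}",
        "hour": f"{when:%H}", "minute": f"{when:%M}", "second": f"{when:%S}",
        "ID": unique_id,
    }
    # substitute() raises KeyError on an unknown $variable in the pattern.
    rel = PurePosixPath(Template(pattern).substitute(fields))
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError(f"pattern escapes base: {pattern!r}")
    return str(PurePosixPath(base) / rel)
```
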

> Beside you sent requests like this, please keep in mind that this module is not ready for production.

I have the package "libapache2-mod-security2" installed on Debian 12. This module is built from https://github.com/owasp-modsecurity/ModSecurity-apache?

vukitoso avatar Mar 31 '24 10:03 vukitoso

> This module is built from https://github.com/owasp-modsecurity/ModSecurity-apache?

No. This module is built from https://github.com/owasp-modsecurity/ModSecurity, but from the branch v2/master.

airween avatar Mar 31 '24 10:03 airween

Thank you, that means I wrote in the wrong place. Sorry.

vukitoso avatar Mar 31 '24 11:03 vukitoso