'Re: [mod-security-users] Full file path in logging'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] Full file path in logging
From:       Tom Anderson <tanderso () oac-design ! com>
Date:       2008-06-06 16:11:05
Message-ID: 48496199.4020509 () oac-design ! com
[Download RAW message or body]

Excluding information because you prefer not to see it isn't really fair 
to the rest of the users who may need that info.  And like Brian said, 
making the log format optional will tend to break log readers and 
analysis tools.  Perhaps instead of changing ModSecurity, you should 
just write a script which allows you to view the log in a more 
personally desirable format.  It's pretty simple to strip out filenames 
and replace long description strings with your own shorthand.

Tom

Marc Stern wrote:
> Is there any way to remove the [file ...] and [line ...] entries in 
> ModSecurity error logs ?
> This gives 2 annoyances:
>  - it can be extremely long (especially when calling rules from a macro)
>  - the absolute path refers to the compiled path, which may differ from 
> the deployment path
> It seems we can patch the source in re.c/line 1320 and 
> apache2_util.c/line 318. Is it safe ?
> Better, could this become a compile time (or run-time) option in a next 
> version ?
> 
> In the same trend, wouldn't it be better to replace "(Error: Connection 
> drop not implemented on this platform)" by something shorter like 
> "(~drop)" ? The longer the logs are, the more difficult they are analysed.
> 
> Could you also add all compile defined to the doc: WITH_PCRE_STUDY, 
> WITH_LUA, NO_MODSEC_API, PERFORMANCE_MEASUREMENT, and future ones. I 
> guess DEBUG_CONF & CACHE_DEBUG are only interesting for ModSecurity 
> developers ?
> 
> Thanks
> -- 
>  
> */Marc Stern/*
> Senior Consultant - Security Group Head
> Approach Belgium - http://www.approach.be
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic