I've installed mod_log_forensic to test (from the CVS, 1.3 branch) but the shell script check_forensic does not work for me. It fails because the xargs binary does not implement the "-I placeholder" parameter.
Checked on RH, Suse and Cygwin, all running the GNU version of xargs. On which platforms does it work? -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
