Hi Jeremy! In fact, I'm using same config file (2.5.9 to 2.5.13). Only CRS rules have changed. Today after send first email, I tried something different... I've returned to 2.5.9 (now showing "Access Denied" msgs on error_log again), and updated CRS rules with 2.2.0 CRS rules version from modsecurity.org... and again, after CRS update "Access Denied" msgs dissapear from error_log, it's only shows Modsecurity "Warnings" messages, :/
After updates, the only way to see "Access Denied" messages is read "modsec_audit.log", but log format of modsec_audit.log doesnt show all info in one line, it breaks a lot of info on several lines :/ On Tue, Dec 6, 2011 at 2:19 PM, Jeremy Lee <[email protected]> wrote: > You probably have to change the log formatting/output in the ModSec conf > files. Do you still have the .conf files from you 2.5.9 installation? If so, > look through them and see how you were writing out the logs. > > 2011/12/6 Carlos André <[email protected]> >> >> Hi ppl! >> >> I've updated mod_security of my CentOS 5.x from 2.5.9 to 2.5.13 but >> now "error_log" doesnt log "Access Denied" message from mod_security >> once someone hits one mod_security rule. I changed to 2.6.x and it's >> samething... no "Access Denied" messages on "error_log" file. Then, >> OSSEC doesnt generate any alert from hits on mod_security rule. >> >> Anyone here is using OSSEC with mod_security 2.6.x and solved this??? >> >> Thanks! > >
