Hi, thank you for all your replies.

2016-10-21 17:17 GMT+01:00 Barry Pollard <barry_poll...@hotmail.com>:

> I use Splunk (https://www.splunk.com) to collect log files. I can then
> set up alerts based on those. Don't alert on everything (agree with Cosimo
> on that!) but have a dashboard of web server healthiness (of which
> ModSecurity alerts is one measure) and individual alerts for some
> rules/URLs that are sensitive and I want to know about alerts for. Splunk
> is quite nice to drill down into things (it's basically a massive Grep tool
> in a web front end with dashboarding and alerting).
>
> Really only use Apache error files rather than ModSecurity audit logs
> since they are structured to be parsed easier, so sometimes then have to
> look at Audit log for details but sufficient to raise the alert in first
> place.
>
> This has the nice side effect of not slowing down the webserver or
> ModSecurity processing as run as a separate instance on a separate server
> and only the Splunk forwarder runs on the webserver.
>
> Thanks,
> Barry
>
>
> On 21 Oct 2016, at 16:27, Christian Folini <christian.fol...@netnea.com>
> wrote:
> >
> > Dear Ilyass,
> >
> > I spent half of the day thinking about what to respond to you.
> > The other message covered the tools to use, but how about the
> > integration?
> >
> > There is no documentation on how to pull this off in ModSecurity
> > in a clean way AFAIK and I think you should integrate it
> > yourself. Personally, I recommend going back to the classic
> > exposé of Marcus Ranum about "artificial ignorance".
> > And from there, make your way to logpp and SEC.
> >
> > A primer on ModSecurity alerting sits on my todo list for future
> > tutorials once the 12 part series at
> > https://www.netnea.com/cms/aapche-tutorials is finished. But
> > this todo list is a crowded place, I am afraid. So don't wait for it.
> >
> > Ahoj,
> >
> > Christian
> >
> >
> >> On Fri, Oct 21, 2016 at 09:50:35AM +0100, Ilyass Kaouam wrote:
> >> Hello guys.
> >>
> >> How can I configure modsecurity to send an e-mail when it matches some rule? I
> >> want something "global", for all rules.
> >>
> >>
> >> Thanks
> >>
> >>
> >> --
> >> *Ilyass kaouam*
> >> *Systems administrator*
> >> *European Masters in Information Technology*
> >
> >> _______________________________________________
> >> Owasp-modsecurity-core-rule-set mailing list
> >> Owasp-modsecurity-core-rule-set@lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> >
> > --
> > https://www.feistyduck.com/training/modsecurity-training-course
> > mailto:christian.fol...@netnea.com
> > twitter: @ChrFolini
> > _______________________________________________
> > Owasp-modsecurity-core-rule-set mailing list
> > Owasp-modsecurity-core-rule-set@lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>

--
*Ilyass kaouam*
*Systems administrator*
*European Masters in Information Technology*
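
Added example, not part of the thread and not code from ModSecurity, Splunk or any of the posters: a small Python take on the approach discussed above, reading ModSecurity entries from the Apache error log and building one summary e-mail only for a watch list of rule IDs and URL prefixes. The log lines, the watch list, the `/admin` prefix and the addresses are constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample in Apache 2.4 error-log style; not taken from the thread.
SAMPLE_LOG = r'''
[Fri Oct 21 09:50:35.101 2016] [:error] [pid 911] [client 203.0.113.7:51234] ModSecurity: Warning. detected SQLi using libinjection. [file "rules.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/login"] [unique_id "A1"]
[Fri Oct 21 09:50:36.220 2016] [:error] [pid 911] [client 203.0.113.7:51240] ModSecurity: Warning. detected SQLi using libinjection. [file "rules.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/login"] [unique_id "A2"]
[Fri Oct 21 09:51:02.007 2016] [:error] [pid 912] [client 198.51.100.9:40022] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "rules.conf"] [line "20"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [hostname "192.0.2.10"] [uri "/"] [unique_id "A3"]
[Fri Oct 21 09:51:09.450 2016] [:error] [pid 912] [client 198.51.100.9:40031] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "rules.conf"] [line "20"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [hostname "192.0.2.10"] [uri "/admin/users"] [unique_id "A4"]
[Fri Oct 21 09:52:00.000 2016] [core:notice] [pid 900] AH00094: Command line: '/usr/sbin/apache2'
'''
# [key "value"] pairs that ModSecurity appends to each error-log entry.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r'\[client ([\d.]+)(?::\d+)?\]')  # IPv4 only, for brevity

def parse_line(line):
    """Return the ModSecurity fields of one error-log line, or None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    client = CLIENT.search(line)
    fields["client"] = client.group(1) if client else "-"
    return fields if "id" in fields else None

def select_alerts(log_text, rule_ids, uri_prefixes):
    """Count entries that hit a watched rule id or a watched URI prefix."""
    hits = Counter()
    for event in filter(None, map(parse_line, log_text.splitlines())):
        uri = event.get("uri", "")
        if event["id"] in rule_ids or uri.startswith(tuple(uri_prefixes)):
            hits[(event["id"], event.get("msg", ""), uri, event["client"])] += 1
    return hits

def build_mail(hits, sender, recipient):
    """One summary mail per run; None when nothing on the watch list fired."""
    if not hits:
        return None
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    # Request-influenced fields such as uri go in the body only, never in headers.
    mail["Subject"] = f"ModSecurity: {sum(hits.values())} alert(s) on watched rules/URLs"
    mail.set_content("\n".join(
        f"{n}x rule {rid} from {client} on {uri}: {msg}"
        for (rid, msg, uri, client), n in sorted(hits.items())))
    return mail

if __name__ == "__main__":
    print(build_mail(select_alerts(SAMPLE_LOG, {"942100"}, ("/admin",)),
                     "waf@example.com", "ops@example.com"))
```

The returned message can be handed to `smtplib.SMTP(...).send_message()` from a cron job or log tailer, so the mail step stays outside the web server's request path.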