Am 24.11.2016 um 17:37 schrieb Christian Folini:
On Thu, Nov 24, 2016 at 05:02:43PM +0100, Muenz, Michael wrote:
SecAuditLogParts ABIJDEFHZ
It's a little known detail that Audit Log Parts need to be set
in alphabetic order. But I do not think this is the problem here.
For me, this sounds like a ModSec/NginX bug - unless you have some other
base config which tweaks the audit log in the said fashion. But I
do not see how you could.
So to me, this is not a CRS problem, but a ModSec on NginX problem.
LogParts is the default from modsecurity.conf.
Yesterday Nginx updated their guide for the current version, now
everything gets logged.
It's a bug/change in the MS-Nginx connector where everything is logged
with info severity.
Thanks,
Michael
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
