Date: Wed, 16 Jan 2019 22:56:55 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 235014] www/mod_security: ModSec not showing module in Apache error log Message-ID: <bug-235014-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235014 Bug ID: 235014 Summary: www/mod_security: ModSec not showing module in Apache error log Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: sean.smith@basecommerce.com CC: walter@lifeforms.nl CC: walter@lifeforms.nl Flags: maintainer-feedback?(walter@lifeforms.nl) There is an issue with Mod Security where it will not properly log the modu= le name in the error log (ex: /var/log/httpd-error.log).=20 As a part of my ErrorLogFormat configuration I have set: [%-m:%l] %m would show the module in the error log and using %-m will the log show a= - if it wasn't able to return anything. So as of right now the logs will show like this [Wed Jan 16 22:51:05 2019] [-:notice] [pid 6923] mod_security2.c(762): [cli= ent ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured. [-:notice] means that I am unable to filter log levels for the modsec module using things like 'LogLevel warn security2:crit' since the error log doesn't know that the security2 module is what is being logged. A thread having the same issue and the maintainer providing a patch - https://github.com/SpiderLabs/ModSecurity/pull/840 I believe the actual fix is here https://github.com/SpiderLabs/ModSecurity/commit/1048fe8e5ea8d3eb7ce7b5c4c6= 70e394bb745e7e The maintainer does mention in that thread that he did indeed patch it but = I am not sure if this link is the exact patch. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-235014-7788>