Skip to main content

ModSecurity logging

Comments

2 comments

  • quizknows
    the MySQL stuff is pulled by cPanel from the modsec audit log. Audit log data is more verbose than what gets dumped into the apache error log (although, the way cPanel processes it you lose a lot of the useful stuff like POST data from the audit log). In short, log and auditlog are two different things; basic log info goes to the apache error log, verbose info to the modsec audit log. If you really don't want particular rules to log to either, you can add a "nolog" action to the rules themselves, like this: SecRule REQUEST_HEADERS:User-Agent "Test" "deny,nolog,id:121" Honestly though, it's typically worth keeping the logs and audit logs around, they're just text, it really doesn't take up that much disk space. You could also use "noauditlog" instead of "nolog" to keep the basic data in the apache error log, but it won't show up in WHM since that pulls from audit log afaik.
    0
  • Overflow
    I finally added the nolog and noauditlog to the rules I don't wanted Thank you
    0

Please sign in to leave a comment.