[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Mod Security 2.1.x


Oops. I forgot that part (how to post the logs). :) Sorry! You have to
have an account (on the OSSEC wiki) to post to it, but it's quick and
easy to get going.

Site to publish log entries: http://www.ossec.net/wiki/index.php/Log_Samples

The Apache mod_security logs are at:
http://www.ossec.net/wiki/index.php/Modsecurity_samples

I hope that helps!

-Chuck

On 4/13/07, ossec@xxxxxxxxxx <ossec@xxxxxxxxxx> wrote:


MdMonk a écrit :
> Thanks for the log entries. Could you post them to the wiki? That way
> more folks have access to em, and might be able to help with writing
> the decoder and rules.
>

Ok.

About the ModSecurity rules and the apache/web xml rules I think we got
a duplicates with the rules which catch error 500 codes :

  <rule id="31122" level="5">
    <if_sid>31120</if_sid>
    <id>^500</id>
    <options>alert_by_email</options>
    <description>Web server 500 error code (Internal error).</description>
    <group>system_error,</group>
  </rule>


Sioban.
OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.