On 10/29/10 3:28 PM, "George Notaras" <[email protected]> wrote:
> On 29/10/2010 21:48, Ryan Barnett wrote: >> - Users can now more easily toggle between traditional/standard mode vs. >> anomaly scoring mode >> by editing the modsecurity_crs_10_config.conf file > > Hello list, > > This is the first time I post to this mailing list, so I'd like to say > thanks to all who have contributed to this project. > > I have several questions about the ruleset, but, for now, reading about > this new feature I'd like to ask whether toggling to standard mode also > reverts logging back to the mod-security default, which records every > message to the apache's error_log using the old format. > > Thanks in advance. Good question and the answer is yes. In the 10 config file, you can edit the SecDefaultAction setting to suit your needs - # You can also decide how you want to handle logging actions. You have three options - # # - To log to both the Apache error_log and ModSecurity audit_log file use - log # - To log *only* to the ModSecurity audit_log file use - nolog,auditlog # - To log *only* to the Apache error_log file use - log,noauditlog # SecDefaultAction "phase:2,pass,nolog,auditlog" _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
