Glad that's solved. Thanks for the update! Christian
On Fri, Nov 25, 2016 at 11:21:04AM +0100, Muenz, Michael wrote: > Am 24.11.2016 um 17:37 schrieb Christian Folini: > >On Thu, Nov 24, 2016 at 05:02:43PM +0100, Muenz, Michael wrote: > >>SecAuditLogParts ABIJDEFHZ > >It's a little known detail that Audit Log Parts need to be set > >in alphabetic order. But I do not think this is the problem here. > > > >For me, this sounds like a ModSec/NginX bug - unless you have some other > >base config which tweaks the audit log in the said fashion. But I > >do not see how you could. > > > >So to me, this is not a CRS problem, but a ModSec on NginX problem. > > > > LogParts is the default from modsecurity.conf. > Yesterday Nginx updated their guide for the current version, now > everything gets logged. > It's a bug/change in the MS-Nginx connector where everything is > logged with info severity. > > Thanks, > Michael > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set