First time caller and first time listener. I had quite a bit of fun making rsyslog fall over on a system where I was using the new ModSecurity Concurrent SecAuditLogType and pointed an rsyslog imfile at the directory.
In order to avoid this, would it be all that hard to have an immlogc plugin for rsyslog? In reviewing how to address this from the ModSecurity side, they recommend using mlogc to collect local logs and HTTP PUT them to a remote collector. Unfortunately, the only remote collector I found seems to be WAF-FLE (formerly ModSecurity Audit Console), which accepts the PUT requests and dumps them into a SQL database. This would require more infrastructure, and then solving how to get data out of SQL and back into our rsyslog-based central logging and analysis solution. Hence my interest in immlogc or something similar.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

