audit log H appears truncated #3301

ag-luca · 2024-11-13T23:01:55Z

Hi,

I'm not sure if this is a bug, but I've been looking for hours and I can't find similar errors, in my fresh installation of modsecurity on nginx it seems that logs that part H is truncated. Missing fields: Action, Stopwatch, Stopwatch2, Response-Body-Transformed, Producer, Server, Engine-Mode (compared to modsecurity with apache logs)

Current config:
Ubuntu 22.04.5 LTS, nginx/1.18.0, modsecurity-v3.0.13, modsecurity-nginx-v1.0.3, crs 4.8.0

nginx log part H

example expected result

thank you

airween · 2024-11-14T11:47:27Z

Hi @ag-luca,

the second format is used by only Apache with mod_security2 module. libmodsecurity3 does not contain that format at all.

ag-luca · 2024-11-14T13:20:08Z

Hi @ag-luca,

the second format is used by only Apache with mod_security2 module. libmodsecurity3 does not contain that format at all.

Thank you very much @airween

ag-luca · 2024-11-14T13:27:12Z

libmodsecurity3 does not contain the same log format as modsecurity2 part H. Thanks @airween

ag-luca added the 3.x Related to ModSecurity version 3.x label Nov 13, 2024

ag-luca closed this as completed Nov 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

audit log H appears truncated #3301

audit log H appears truncated #3301

ag-luca commented Nov 13, 2024

airween commented Nov 14, 2024

ag-luca commented Nov 14, 2024

ag-luca commented Nov 14, 2024

audit log H appears truncated #3301

audit log H appears truncated #3301

Comments

ag-luca commented Nov 13, 2024

airween commented Nov 14, 2024

ag-luca commented Nov 14, 2024

ag-luca commented Nov 14, 2024