Logging and auditing
Various levels of logging and auditing can be enabled in the ModSecurity engine.
- Event Logging
-
The Reverse Proxy logs ModSecurity rules engine events and messages using the standard logging mechanism. The logging mechanism can be configured using the
[waf] log-cfgconfiguration entry. See the stanza reference for details. - Auditing Logging
-
The ModSecurity rules engine has the ability to generate auditing records and save these auditing records to a file. The configuration of the auditing component is managed by the
SecAudit...(e.g.SecAuditEngine) configuration entries within the instance specific web application firewall configuration file.- See the ModSecurity reference manual for details about the configuration entries.
- The instance-specific WAF configuration file is managed on the Reverse Proxy page, see Configuring Web Application Firewall for details.
The name of the file which receives the auditing records is fixed to
waf_audit.logand can be found in the Reverse Proxy instance log directory. - Debug Logging
-
The
SecDebugLogLevelconfiguration entry in the web application firewall configuration file can be used to enable debug logging within the ModSecurity rules engine.- See SecDebugLogLevel in the ModSecurity reference manual for details about debug logging.
- The instance-specific WAF configuration file is managed on the Reverse Proxy page, see Configuring Web Application Firewall for details.
The name of the file which receives the debug logging entries is fixed to
waf_debug.logand can be found in the Reverse Proxy instance log directory.