Skip to content

Instantly share code, notes, and snippets.

@lifeforms

lifeforms/gist:4b41ae6464073ced39f5 Secret

Created November 24, 2014 16:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lifeforms/4b41ae6464073ced39f5 to your computer and use it in GitHub Desktop.
Save lifeforms/4b41ae6464073ced39f5 to your computer and use it in GitHub Desktop.
Download ZIP
Apache log messages not prefixed with name
Raw
gistfile1.md

Apache 2.4 puts a subsystem name in the loglevel string. ModSecurity logs with an empty name, so its messages appear as [:notice] in Apache 2.4 logs where for instance [modsecurity:notice] et al would be a bit nicer.

Example 1: startup messages:

[Mon Nov 24 17:52:41.004240 2014] [:notice] [pid 39052] ModSecurity: chroot checkpoint #1 (pid=39052 ppid=39048)
[Mon Nov 24 17:52:41.004611 2014] [:notice] [pid 39052] ModSecurity for Apache/2.9.0-RC1 (http://www.modsecurity.org/) configured.
[Mon Nov 24 17:52:41.004619 2014] [:notice] [pid 39052] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
[Mon Nov 24 17:52:41.004626 2014] [:notice] [pid 39052] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
[Mon Nov 24 17:52:41.004632 2014] [:notice] [pid 39052] ModSecurity: LUA compiled version="Lua 5.1"
[Mon Nov 24 17:52:41.004637 2014] [:notice] [pid 39052] ModSecurity: YAJL compiled version="2.1.0"
[Mon Nov 24 17:52:41.004642 2014] [:notice] [pid 39052] ModSecurity: LIBXML compiled version="2.9.2"
[Mon Nov 24 17:52:41.004647 2014] [:notice] [pid 39052] Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Mon Nov 24 17:52:41.141339 2014] [auth_digest:notice] [pid 39053] AH01757: generating secret for digest authentication ...
[Mon Nov 24 17:52:42.004365 2014] [:notice] [pid 39053] ModSecurity: chroot checkpoint #2 (pid=39053 ppid=1)
[Mon Nov 24 17:52:42.004428 2014] [:notice] [pid 39053] ModSecurity: chroot successful, path=/opt/httpd
[Mon Nov 24 17:52:42.020725 2014] [mpm_prefork:notice] [pid 39053] AH00163: Apache/2.4.10 (FreeBSD) OpenSSL/1.0.1j configured -- resuming normal operations
[Mon Nov 24 17:52:42.020808 2014] [core:notice] [pid 39053] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'

Example 2: error message:

[Sun Nov 23 23:25:32.858334 2014] [:error] [pid 66897] [client 192.168.130.112] ModSecurity: JSON parser error: parse error: premature EOF\n [hostname "sim.dt.lfms.nl"] [uri "/"] [unique_id "VHJe3MCogh4AAQVRDzMAAAAC"]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment