Support

melinite · #1 04-23-2009, 12:25 PM

Where do i view the logs entries?

I have set log level 1 and server log level to debug, still no entries in log?
Want to test SQL injection attack logs.

Please advise.

mistwang · #2 04-23-2009, 06:58 PM

If you use Apache httpd.conf, you should change mod_security configuration there.
If you configure filter rules natively, you can try setting log level to 9.

melinite · #3 04-24-2009, 07:32 AM

Ok log level 9 works, but also floods the log files with all requests like this:

2009-04-24 10:27:55.461 [INFO] [208.52.160.186:33167-2] no request variables, skip ruleset: SQL Injection attack

Like 1000 log entries in 10 minutes.

How to just log when an attack happens.

Soon as I drop to level 8, only logs ALL requests that skip the ruleset.

I'm using native filters from admin console.

Please advise.

mistwang · #4 04-24-2009, 04:01 PM

Then you set debug log level to 0, only real attack blocked will be logged.

melinite · #5 04-24-2009, 05:27 PM

Server Log level is set to Debug | Debug level none.

Log level 9 on request filter floods logs still.

Anything less than 9 on request filter log level and attacks don't get logged only skip ruleset notices which flood the log.

Using ver 4.01

I must be missing something.

Please advise.