0

I am writing a java application which gets the http logs in json format string from servers like tomcat.

I want to check those http request/response pairs against mod-security rules for auditing-purposes.

I went through this link - https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-for-Java---BETA-Testers-Needed/

Similar kinds of links I got for Apache Web Server, Nginx and IIS Servers.

But my problem is - I don't have access to Web Server, I have just http logs with all required information.

Can I integrate mod_security library using JNI/JNA to my custom java application and make it work with my custom formatted input??

Above link shows mod_security classes write logs to tomcat logs.

Is there any way to redirect mod-security event logs to some database like redis or elasticsearch or maybe logstash using some configuration??

Pankaj Goyal
  • 1,448
  • 3
  • 15
  • 25
  • It looks like this project is intended to be run directly within a web application as a `Filter` and not as a separate daemon/watchdog process. If you are producing a log file, maybe you want to look into something like `fail2ban`? – Christopher Schultz May 30 '17 at 20:17
  • Yes I completely understand what you said. But again, I don't have control over Tomcat. I will get http logs from tomcat on which I have to execute modsecurity rules checking. I am wondering if I can write that stack on my own in java using libmodsecJNI.so. – Pankaj Goyal Jun 01 '17 at 03:00
  • Can anybody comment on using standalone codes of modsecurity writing a custom C/C++ wrapper over it? – Pankaj Goyal Jun 03 '17 at 06:02

0 Answers0