I installed ModSecurity and I would like to get stats on its usage. The number of blocked requests would be a good starting point. The only solution I was able to imagine is to parse access_log to find 403 HTTP statuses. Is there something more clever out there?
1 Answers
0
There are several other ways to see the blocked requests.
- error.log contains a lot of detailed information, e.g. which rule blocked the request and why (it shows the target and the operator with its argument)
- audit.log (the default config file uses modsec_audit.log) shows more details: HTTP status, client IP and port, headers, body, and also the response headers and body

airween
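Added example (not part of the original answer): counting blocked requests from error.log per rule, client and status, instead of grepping access_log for 403. The sample lines are constructed and assume the Apache error.log layout written by ModSecurity 2.x; `blocked_stats` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample lines (not from the page), modelled on the Apache
# error.log layout written by ModSecurity 2.x; adjust the patterns if yours differs.
SAMPLE_LOG = '''\
[Tue Mar 02 10:15:22 2021] [:error] [pid 811] [client 203.0.113.5:51234] ModSecurity: Warning. Matched phrase "nikto" at REQUEST_HEADERS:User-Agent. [file "/rules/scanners.conf"] [line "56"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [uri "/"]
[Tue Mar 02 10:15:22 2021] [:error] [pid 811] [client 203.0.113.5:51234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/rules/blocking.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"]
[Tue Mar 02 10:16:02 2021] [core:notice] [pid 800] AH00094: Command line: /usr/sbin/apache2
[Tue Mar 02 10:17:40 2021] [:error] [pid 812] [client 198.51.100.7:40022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/rules/blocking.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [uri "/login"]
[Tue Mar 02 10:18:05 2021] [:error] [pid 812] [client 203.0.113.5:51240] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/admin" at REQUEST_URI. [file "/rules/local.conf"] [line "4"] [id "10001"] [msg "Admin path blocked"] [uri "/admin"]
'''

DENIED = re.compile(r'ModSecurity: Access denied with code (\d{3})')
CLIENT = re.compile(r'\[client ([^\]]+)\]')
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def blocked_stats(lines):
    """Count requests ModSecurity actually denied, per status, rule id and client."""
    stats = {"total": 0, "by_status": Counter(), "by_rule": Counter(),
             "by_client": Counter(), "rule_msg": {}}
    for line in lines:
        denied = DENIED.search(line)
        if not denied:
            continue  # "Warning." entries are detections only; other lines are not blocks
        tags = dict(TAG.findall(line))  # id, msg, uri, file, line, ...
        rule_id = tags.get("id", "unknown")
        stats["total"] += 1
        stats["by_status"][denied.group(1)] += 1
        stats["by_rule"][rule_id] += 1
        stats["rule_msg"].setdefault(rule_id, tags.get("msg", ""))
        client = CLIENT.search(line)
        if client:
            addr = client.group(1)
            # Drop the source port from "ip:port" (IPv4); leave other forms as logged.
            key = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr
            stats["by_client"][key] += 1
    return stats


if __name__ == "__main__":
    result = blocked_stats(SAMPLE_LOG.splitlines())
    print("blocked:", result["total"])
    for rule_id, count in result["by_rule"].most_common():
        print(f"  rule {rule_id}: {count}  {result['rule_msg'][rule_id]}")
```

Unlike a 403 count from access_log, this skips 403s issued by the web server itself and skips rules that only logged a warning.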