Chapter 4. Audit Logging
If you are under attack, it is very important to get a picture of what your attacker is trying to do. Is he using a pre-packaged script to try to get into your server? Is it just a bot hammering away using known exploit code? Or is someone attempting to hack in by using handcrafted SQL injection requests via a proxy server in a foreign country?
Perusing logs of ModSecurity alerts on a regular basis is important to see what kind of exploits are being tried against your server—in some cases you may find that there's a new vulnerability out there that you need to patch against simply by paying some attention to the generated log data.
The standard Apache log does not give much more information than the time and date of ...
Get ModSecurity 2.5 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.