modsec blocks not reported in error_log

[wanah]

Hello,

I've configured mod security to block bruteforces on Joomla and on Wordpress, and it is filling up nicely /usr/local/apache/logs/modsec_audit.log but this is the detailed log format.

I want to detect modsec blockages and block them with CSF.

CSF needs theses errors to e stored in a single line "error" message format.

How can I make litespeed report these errors in the error_log file ?

 

[wanah]

Hello,

Sorry to up this but I haven't been able to find out how to tell litespeed to add a line to the error_log file when attacks are blocked by litespee's mod_security. I'm thinking about installing Comodo WAF and just enabeling the brute force rules but before this I need to be able to block IP's with CSF based on mod security lines in the error_log that I'm not getting.

Could you please ask your dev's if this is normal ? and how to fix it ?

Thanks

 

[mistwang]

You need to change the log level to "NOTICE", those messages are logged at that level.

 

[wanah]

That will be alot of logging to just be able to block modsecurity ip's. Any chance of add something in afuture release to be able to set just mod security to notice and not everything else ? Or maybe je be able to specify that the audit logging is single line ?