Request Filter Logging

[melinite]

Where do i view the logs entries?

I have set log level 1 and server log level to debug, still no entries in log?
Want to test SQL injection attack logs.

Please advise.

 

[mistwang]

If you use Apache httpd.conf, you should change mod_security configuration there.
If you configure filter rules natively, you can try setting log level to 9.

 

[melinite]

Ok log level 9 works, but also floods the log files with all requests like this:

2009-04-24 10:27:55.461 [INFO] [208.52.160.186:33167-2] no request variables, skip ruleset: SQL Injection attack

Like 1000 log entries in 10 minutes.

How to just log when an attack happens.

Soon as I drop to level 8, only logs ALL requests that skip the ruleset.


I'm using native filters from admin console.

Please advise.

 

[mistwang]

Then you set debug log level to 0, only real attack blocked will be logged.

 

[melinite]

Server Log level is set to Debug | Debug level none.

Log level 9 on request filter floods logs still.

Anything less than 9 on request filter log level and attacks don't get logged only skip ruleset notices which flood the log.


Using ver 4.01


I must be missing something.

Please advise.