[Owasp-modsecurity-core-rule-set] No rule-id in audit/error log with Nginx und MS3/CRS3

Christian Folini christian.folini at netnea.com
Fri Nov 25 10:36:09 UTC 2016


Glad that's solved. Thanks for the update!

Christian

On Fri, Nov 25, 2016 at 11:21:04AM +0100, Muenz, Michael wrote:
> Am 24.11.2016 um 17:37 schrieb Christian Folini:
> >On Thu, Nov 24, 2016 at 05:02:43PM +0100, Muenz, Michael wrote:
> >>SecAuditLogParts ABIJDEFHZ
> >It's a little known detail that Audit Log Parts need to be set
> >in alphabetic order. But I do not think this is the problem here.
> >
> >For me, this sounds like a ModSec/NginX bug - unless you have some other
> >base config which tweaks the audit log in the said fashion. But I
> >do not see how you could.
> >
> >So to me, this is not a CRS problem, but a ModSec on NginX problem.
> >
> 
> LogParts is the default from modsecurity.conf.
> Yesterday Nginx updated their guide for the current version, now
> everything gets logged.
> It's a bug/change in the MS-Nginx connector where everything is
> logged with info severity.
> 
> Thanks,
> Michael
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set


More information about the Owasp-modsecurity-core-rule-set mailing list