This is a quick and dirty LogWatch script to process mod_security audit logs. I had a google, and couldn’t find any released scripts, so here’s my one.
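#!/usr/bin/perl -w
use strict;

my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;  # set by LogWatch; not used below

while (defined(my $ThisLine = <STDIN>)) {
    chomp($ThisLine);

    # Request line of an audit log entry.
    if ( $ThisLine =~ m/^Request:/ ) {
        print $ThisLine."\n";
    }

    # The mod_security message for that entry, followed by a blank separator line.
    if ( $ThisLine =~ m/^mod_security-message/ ) {
        print $ThisLine."\n";
        print "\n";
    }
}

exit(0);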
On Debian, you should just be able to drop the above script into /usr/share/logwatch/scripts/services (chmod +x too!), and then add this to /etc/logwatch/conf/logfiles/mod_security.conf:
–Simon