Processing mod_security audit logs with logwatch

This is a quick and dirty LogWatch script to process mod_security audit logs. I had a google, and couldn’t find any released scripts, so here’s my one.

#!/usr/bin/perl -w
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
while (defined($ThisLine = <stdin>)) {
    chomp($ThisLine);
    if ( $ThisLine =~ m/^Request:/ )
    {
        print $ThisLine."\n";
    }
    if( $ThisLine =~ m/^mod_security-message/ )
    {
        print $ThisLine."\n";
        print "\n";
    }
    </stdin>
}
exit(0);

On Debian, you should just be able to drop the above script into /usr/share/logwatch/scripts/services (chmod +x too!), and then add this to /etc/logwatch/conf/logfiles/mod_security.conf:

–Simon

All Posts by Category or Tags.