I have the following apache setting (in conf.d/owasp-modsecurity.conf
):
SecAuditLog "/var/www/vhosts/${lowercase:%{SERVER_NAME}}/statistics/logs/modsec_audit.log"
When I do httpd -t
I get the following error:
Syntax error on line 15 of /etc/httpd/conf.d/owasp-modsecurity.conf:
ModSecurity: Failed to open the audit log file: /var/www/vhosts/${lowercase:%{SERVER_NAME}}/statistics/logs/modsec_audit.log
My intention should be reasonably obvious; I want mod_security audit log entries to end up in vhost-specific files.
This already happens with regular access and error logs (though I've no idea how it is done).
For the record, I also tried the following entries blindly, none worked: $HOSTNAME
${SERVER_NAME}
$SERVER_NAME
and $HOST
.
On a second though, these are environment variables…shouldn't there be something to get Apache internal variables instead?
Related links
Best Answer
Try to put the SecAuditLog entry into the setting for each of your virtual hosts.
Something like this (setup can look a little bit different but this is a basic setting).
Also you could check your other log entries (CustomLog, ErrorLog etc) for possible wildcards to insert.