Apache vhost-specific logging

apache-2.2 logging mod-security

I have the following apache setting (in conf.d/owasp-modsecurity.conf):

SecAuditLog "/var/www/vhosts/${lowercase:%{SERVER_NAME}}/statistics/logs/modsec_audit.log"

When I do httpd -t I get the following error:

Syntax error on line 15 of /etc/httpd/conf.d/owasp-modsecurity.conf:
ModSecurity: Failed to open the audit log file: /var/www/vhosts/${lowercase:%{SERVER_NAME}}/statistics/logs/modsec_audit.log

My intention should be reasonably obvious; I want mod_security audit log entries to end up in vhost-specific files.
This already happens with regular access and error logs (though I've no idea how it is done).

For the record, I also tried the following entries blindly, none worked: $HOSTNAME ${SERVER_NAME} $SERVER_NAME and $HOST.

On second thought, these are environment variables… shouldn't there be something to get Apache internal variables instead?

Best Answer

Try to put the SecAuditLog entry into the setting for each of your virtual hosts.

Something like this (setup can look a little bit different but this is a basic setting). Also you could check your other log entries (CustomLog, ErrorLog etc) for possible wildcards to insert.

domain1.conf
============
<VirtualHost *:80>
  ServerAdmin postmaster@domain1.com
  ServerName www.domain1.com

  SecAuditLog "/var/www/vhosts/domain1/statistics/logs/modsec_audit.log"
  # many more settings go here
  # ...
</VirtualHost>

domain2.conf
============
<VirtualHost *:80>
  ServerAdmin postmaster@domain2.com
  ServerName www.domain2.com

  SecAuditLog "/var/www/vhosts/domain2/statistics/logs/modsec_audit.log"
  # many more settings go here
  # ...
</VirtualHost>
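
With many vhosts, the per-vhost SecAuditLog lines can be generated instead of typed by hand. The script below is an added example, not part of the original question or answer: it assumes the /var/www/vhosts/<vhost>/statistics/logs layout from the question, and the function name gen_modsec_snippets and the <vhost>.modsec.conf snippet files (to be pulled into each VirtualHost with Include) are hypothetical.

```shell
#!/bin/sh
# Added example: write one SecAuditLog snippet per vhost directory.
# Assumed layout (from the question): <root>/<vhost>/statistics/logs/
# Hypothetical names: gen_modsec_snippets, <vhost>.modsec.conf
# Prints the number of snippets written; skipped vhosts go to stderr.

gen_modsec_snippets() {
    root=$1 out=$2 made=0
    mkdir -p "$out" || return 2
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        vhost=$(basename "$dir")
        logdir="${dir%/}/statistics/logs"
        # Directory names end up inside a quoted config value, so only
        # accept plain hostname characters.
        case $vhost in
            *[!A-Za-z0-9._-]*)
                echo "skip $vhost: unexpected characters in name" >&2
                continue ;;
        esac
        # The path is used literally when the configuration is loaded, so
        # a missing directory produces the same "Failed to open the audit
        # log file" error shown in the question.
        if [ ! -d "$logdir" ]; then
            echo "skip $vhost: $logdir missing" >&2
            continue
        fi
        # httpd opens log files as root at startup: refuse a log directory
        # that is a symlink or that any local user can write to.
        if [ -L "$logdir" ] || [ -n "$(find "$logdir" -maxdepth 0 -perm -0002)" ]; then
            echo "skip $vhost: $logdir is a symlink or world-writable" >&2
            continue
        fi
        printf 'SecAuditLog "%s/modsec_audit.log"\n' "$logdir" \
            > "$out/$vhost.modsec.conf"
        made=$((made + 1))
    done
    echo "$made"
}
```

Run httpd -t after including the snippets to confirm every audit log path can be opened.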