Hi,
I was wondering if anyone is able to share their approach for logging audit logs in a containerised environment?
I see we should use "SecAuditLogType Concurrent" if we are expecting lots of logs, to avoid contention on a single log file.
How are other people handling this in a containerised environment? Are you writing to local storage on the container using concurrent mode, and then shipping the log files off to somewhere less ephemeral? What tooling do you use?
References:
Currently using ModSecurity 3.0.4 on nginx-1.21.0 with CRS 3.3.2
Thanks,
Kirk