Sensor not being updated


Robert Way

Aug 4, 2014, 10:56:50 AM
to waf...@googlegroups.com
No data going to MySQL or showing on waf-fle. Standalone setup, just installed. Using mlogc, which is running; I see data going to the transaction log and directories in the data dir being created.

modsecurity.conf

SecAuditLogParts ABIDEFGHZ

SecAuditLogType Concurrent

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"

SecAuditLogStorageDir /var/log/mlogc/data/

SecDataDir /var/log/mlogc/data
________________________________________________

mlogc.conf

CollectorRoot       "/var/log/mlogc"

# ModSecurity Console receiving URI. You can change the host
# and the port parts but leave everything else as is.
ConsoleURI          "http://mydomain.com/controller/"

# Sensor credentials
SensorUsername      "waffle"
SensorPassword      "mypass"

# Base directory where the audit logs are stored.  This can be specified
# as a path relative to the CollectorRoot, or a full path.
LogStorageDir       "/var/log/mlogc/data"

# Transaction log will contain the information on all log collector
# activities that happen between checkpoints. The transaction log
# is used to recover data in case of a crash (or if Apache kills
# the process).
TransactionLog      "mlogc-transaction.log"

# The file where the pending audit log entry data is kept. This file
# is updated on every checkpoint.
QueuePath           "mlogc-queue.log"

# The location of the error log.
ErrorLog            "mlogc-error.log"

# The location of the lock file.
LockFile            "mlogc.lck"
___________________________________________________________

Waf-fle sensor

Name:waffle (id: 1)
IP:Any
Description:This is a sensor
Type:ModSecurity Apache
Status:Enabled
Events total:0
Last event in:
Producer:
Rule Set:
Server:


Any help would be appreciated.


Klaubert Herr da Silveira

Aug 4, 2014, 8:20:44 PM
to waf...@googlegroups.com
Hi Robert, 

Did you see any errors in your Apache error.log file? If for some reason your waf-fle is generating errors, or you have some ModSecurity rules preventing logs from being sent to waf-fle, your error.log will tell you this.

Best regards, 

Klaubert
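
An added example, not part of the thread and not code from WAF-FLE or mlogc: a Python check that cross-reads the two configurations posted above, resolves where mlogc's own error log, queue and transaction log end up, and flags mismatches that would keep events from reaching the console. It assumes relative paths in mlogc.conf resolve against CollectorRoot; the function names are hypothetical and the sample text is constructed from the posted directives.

```python
import posixpath
import re

# Constructed sample input: the directives quoted in the thread above.
MODSEC_CONF = """
SecAuditLogType Concurrent
SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
SecAuditLogStorageDir /var/log/mlogc/data/
"""
MLOGC_CONF = """
CollectorRoot       "/var/log/mlogc"
ConsoleURI          "http://mydomain.com/controller/"
LogStorageDir       "/var/log/mlogc/data"
TransactionLog      "mlogc-transaction.log"
QueuePath           "mlogc-queue.log"
ErrorLog            "mlogc-error.log"
"""

def parse_directives(text):
    """Return {name: value} for 'Name value' lines; '#' comments are skipped."""
    found = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z]\w*)\s+"?([^"]*?)"?\s*$', line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def check(modsec_text, mlogc_text):
    """Resolve mlogc's file paths and list mismatches between the two configs."""
    ms, ml = parse_directives(modsec_text), parse_directives(mlogc_text)
    root = ml.get("CollectorRoot", "/")
    # Assumption: every relative path resolves against CollectorRoot.
    paths = {k: posixpath.normpath(posixpath.join(root, ml[k]))
             for k in ("LogStorageDir", "TransactionLog", "QueuePath", "ErrorLog")
             if k in ml}
    findings = []
    if ms.get("SecAuditLogType", "").lower() != "concurrent":
        findings.append("SecAuditLogType is not Concurrent")
    if not ms.get("SecAuditLog", "").startswith("|"):
        findings.append("SecAuditLog is not piped to mlogc")
    audit_dir = posixpath.normpath(ms.get("SecAuditLogStorageDir", ""))
    if audit_dir != paths.get("LogStorageDir"):
        findings.append(f"storage dirs differ: {audit_dir} vs {paths.get('LogStorageDir')}")
    if ml.get("ConsoleURI", "").startswith("http://"):
        findings.append("ConsoleURI is plain HTTP: sensor credentials are sent unencrypted")
    return paths, findings

if __name__ == "__main__":
    paths, findings = check(MODSEC_CONF, MLOGC_CONF)
    print("mlogc error log to inspect:", paths["ErrorLog"])
    for f in findings:
        print("finding:", f)
```

For the posted configuration the directories agree, so the resolved mlogc error log is the next file to read alongside the Apache error.log.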

