Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

A tool to manipulate and analyze ModSecurity audit log files.

Project Description

The modseclogc is a ModSecurity audit log file manipulation and analysis tool, command-line or python module based.

Installation

$ pip install modseclogc

Examples

View a request by unique ID:

$ modseclogc --match-id VtU2o38AAQEAAEV6AuwAAAAE modsec.log
--fc565b0b-A--
[01/Mar/2016:06:28:51 +0000] VtU2o38AAQEAAEV6AuwAAAAE 127.0.0.1 34882 127.0.0.1 80

[...snip...]

--fc565b0b-Z--

Display request IDs that match a path glob:

$ modseclogc --match-path /path/to/resource/** --show-id modsec.log
VtU2o38AAQEAAEV6Au0AAAAE
VtU2o38AAQEAAEV6AuwAAAAE
VtU2o38AAQEAAEV5BIgAAAAK

Display the request line and the request payload (modsec audit part “C”) of each audit record:

$ modseclogc --show-request-line --show-parts C modsec.log
OPTIONS /path/to/resource HTTP/1.1
GET /path/to/resource HTTP/1.1
POST /path/to/resource HTTP/1.1
--40382b65-C--
query=foo+bar&page=1

GET /path/to/resource HTTP/1.1

Generate a copy of the audit excluding the payloads (modsec audit part “C”) for a specific path glob, and compress the output:

$ zcat modsec_audit.log.gz \
  | modseclogc \
    --match-path /path/to/resource/** --hide-parts C \
    --unmatched keep \
  | gzip -9 > clean-modsec_audit.log.gz

Details

  • By default, all input records are matched. This is modified via the --match-* and --inverse arguments.
  • By default, all unmatched records are dropped. This is modified via the --unmatched argument.
  • Output operations (show, hide, etc) only apply to matched records (note that the --inverse argument inverts the matching algorithm, not this rule).
  • The audit log must be in Native format (see the SecAuditLogFormat modsec option).
Release History

Release History

This version
History Node

0.1.0

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
modseclogc-0.1.0.tar.gz (23.8 kB) Copy SHA256 Checksum SHA256 Source Mar 20, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting