Skip to main content

A tool to manipulate and analyze ModSecurity audit log files.

Project description

The modseclogc is a ModSecurity audit log file manipulation and analysis tool, command-line or python module based.


$ pip install modseclogc


View a request by unique ID:

$ modseclogc --match-id VtU2o38AAQEAAEV6AuwAAAAE modsec.log
[01/Mar/2016:06:28:51 +0000] VtU2o38AAQEAAEV6AuwAAAAE 34882 80



Display request IDs that match a path glob:

$ modseclogc --match-path /path/to/resource/** --show-id modsec.log

Display the request line and the request payload (modsec audit part “C”) of each audit record:

$ modseclogc --show-request-line --show-parts C modsec.log
OPTIONS /path/to/resource HTTP/1.1
GET /path/to/resource HTTP/1.1
POST /path/to/resource HTTP/1.1

GET /path/to/resource HTTP/1.1

Generate a copy of the audit excluding the payloads (modsec audit part “C”) for a specific path glob, and compress the output:

$ zcat modsec_audit.log.gz \
  | modseclogc \
    --match-path /path/to/resource/** --hide-parts C \
    --unmatched keep \
  | gzip -9 > clean-modsec_audit.log.gz


  • By default, all input records are matched. This is modified via the --match-* and --inverse arguments.
  • By default, all unmatched records are dropped. This is modified via the --unmatched argument.
  • Output operations (show, hide, etc) only apply to matched records (note that the --inverse argument inverts the matching algorithm, not this rule).
  • The audit log must be in Native format (see the SecAuditLogFormat modsec option).

Project details

Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
modseclogc-0.1.0.tar.gz (23.8 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page