Skip to main content

A tool to manipulate and analyze ModSecurity audit log files.

Project description

The modseclogc is a ModSecurity audit log file manipulation and analysis tool, command-line or python module based.



$ pip install modseclogc


View a request by unique ID:

$ modseclogc --match-id VtU2o38AAQEAAEV6AuwAAAAE modsec.log
[01/Mar/2016:06:28:51 +0000] VtU2o38AAQEAAEV6AuwAAAAE 34882 80



Display request IDs that match a path glob:

$ modseclogc --match-path /path/to/resource/** --show-id modsec.log

Display the request line and the request payload (modsec audit part “C”) of each audit record:

$ modseclogc --show-request-line --show-parts C modsec.log
OPTIONS /path/to/resource HTTP/1.1
GET /path/to/resource HTTP/1.1
POST /path/to/resource HTTP/1.1

GET /path/to/resource HTTP/1.1

Generate a copy of the audit excluding the payloads (modsec audit part “C”) for a specific path glob, and compress the output:

$ zcat modsec_audit.log.gz \
  | modseclogc \
    --match-path /path/to/resource/** --hide-parts C \
    --unmatched keep \
  | gzip -9 > clean-modsec_audit.log.gz


  • By default, all input records are matched. This is modified via the --match-* and --inverse arguments.

  • By default, all unmatched records are dropped. This is modified via the --unmatched argument.

  • Output operations (show, hide, etc) only apply to matched records (note that the --inverse argument inverts the matching algorithm, not this rule).

  • The audit log must be in Native format (see the SecAuditLogFormat modsec option).

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

modseclogc-0.1.0.tar.gz (23.8 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page