I'm using ModSecurity 2.8.0 with IIS 7.5 on Windows Server 2008 R2. I would like to pipe audit log through mlogc but somehow it is not working. Here is the error message I get:
Syntax error in config file C:\Program Files\ModSecurity IIS\modsecurity.conf, line 200: ModSecurity: Failed to open the audit log pipe: C:/PROGRA~1/MODSEC~1/mlogc.bat
I don't know if this is a limitation of the IIS version, could you please state it if this is the case?
Hi @oniric85, this issue is under investigation. There are a version of ModSecurity with more verbose logs at:
Good to know @zimmerle! Seems like a pretty important feature that should not require too much efforts to add given that Apache for Windows does it too. Thanks for your contribution, it would be good to have this feature in the next minor.
Is there any documentation on how to build ModSecurity for IIS using Visual Studio? I've only found steps for Windows versions of Apache.
Hi @oniric85, sorry for the delay.
The build process is not hard, we have scripts to build all the decencies and ModSecurityIIS itself can be built inside VisualStudio (or using the scripts as well).
Here goes the steps:
If something goes wrong in this build process the script should fail with a graceful error, please share. If everything went fine, just open the ModSecurityIIS.sln and use the normal Visual Studio build process. It will generate a dll, called: ModSecurityIIS.dll.
You can use the installer to have all other files in place and just compile and move the ModSecurity.dll inside your inetsrv folder.
Let me know if you find any trouble during this process.