Piping audit log through mlogc does not work #727

Open
oniric85 opened this Issue May 26, 2014 · 3 comments


@oniric85

Hi,
I'm using ModSecurity 2.8.0 with IIS 7.5 on Windows Server 2008 R2. I would like to pipe audit log through mlogc but somehow it is not working. Here is the error message I get:

Syntax error in config file C:\Program Files\ModSecurity IIS\modsecurity.conf, line 200: ModSecurity: Failed to open the audit log pipe: C:/PROGRA~1/MODSEC~1/mlogc.bat

I don't know if this is a limitation of the IIS version, could you please state it if this is the case?

@oniric85 oniric85 changed the title from Piping log through mlogc does not work to Piping audit log through mlogc does not work May 26, 2014
@zimmerle
SpiderLabs member

Hi @oniric85, this issue is under investigation. There is a version of ModSecurity with more verbose logs at:

https://github.com/SpiderLabs/ModSecurity/tree/testing_win_mlogc

@zimmerle zimmerle self-assigned this May 27, 2014
@oniric85

Good to know @zimmerle! Seems like a pretty important feature that should not require too much effort to add given that Apache for Windows does it too. Thanks for your contribution, it would be good to have this feature in the next minor.

Is there any documentation on how to build ModSecurity for IIS using Visual Studio? I've only found steps for Windows versions of Apache.

@zimmerle
SpiderLabs member

Hi @oniric85, sorry for the delay.

The build process is not hard, we have scripts to build all the dependencies and ModSecurityIIS itself can be built inside Visual Studio (or using the scripts as well).

Here are the steps:

  • Make sure you have 7-zip installed, if not, install it.
  • Download all the dependencies (It is ok to keep the files under your user's download folder):
    • pcre-8.33.zip
    • zlib-1.2.8.tar.gz
    • libxml2-2.9.1.tar.gz
    • lua-5.1.5.tar.gz
    • curl-7.33.0.zip
    • httpd-2.4.6.tar.gz
    • httpd-2.4.6-win32-VC11.zip
    • httpd-2.4.6-win64-VC11.zip
    • lloyd-yajl-f4b2b1a.zip
  • Download ModSecurity code from the desired branch and have it in a path without spaces, such as: c:\work\ModSecurity
  • Open a DOS prompt and go to the x:...\ModSecurity\iis directory, inside this directory run:
    • build_dependencies.bat "c:\path\to\your\vcvars.bat"
      • In my case: "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\vcvarsx86_amd64.bat"

If something goes wrong in this build process the script should fail with a graceful error, please share. If everything went fine, just open the ModSecurityIIS.sln and use the normal Visual Studio build process. It will generate a dll, called: ModSecurityIIS.dll.

You can use the installer to have all other files in place and just compile and move the ModSecurity.dll inside your inetsrv folder.

Let me know if you find any trouble during this process.
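
A preflight check for the build steps listed in the comment above, as an added example that is not part of the original thread or of the ModSecurity repository. It assumes the archives sit in `%USERPROFILE%\Downloads`, the source is at the example path `c:\work\ModSecurity`, and 7-Zip is on `PATH` or in its default `Program Files\7-Zip` folder; the script name and parameter names are hypothetical.

```powershell
# Preflight-ModSecurityIIS.ps1 (hypothetical name): verify the prerequisites
# from the build steps before running build_dependencies.bat.
param(
    [string]$SourceRoot  = 'c:\work\ModSecurity',                     # example path from the thread
    [string]$DownloadDir = (Join-Path $env:USERPROFILE 'Downloads'),  # assumed download folder
    [string]$VcVars      = 'C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\vcvarsx86_amd64.bat'
)

# Dependency archives exactly as listed in the build steps.
$archives = @(
    'pcre-8.33.zip', 'zlib-1.2.8.tar.gz', 'libxml2-2.9.1.tar.gz',
    'lua-5.1.5.tar.gz', 'curl-7.33.0.zip', 'httpd-2.4.6.tar.gz',
    'httpd-2.4.6-win32-VC11.zip', 'httpd-2.4.6-win64-VC11.zip',
    'lloyd-yajl-f4b2b1a.zip'
)
$problems = @()

# Step 1: 7-Zip must be installed (PATH, or the assumed default install folder).
$onPath    = Get-Command 7z.exe -ErrorAction SilentlyContinue
$inDefault = Test-Path -LiteralPath (Join-Path $env:ProgramFiles '7-Zip\7z.exe')
if (-not $onPath -and -not $inDefault) { $problems += '7-Zip (7z.exe) not found' }

# Step 2: every dependency archive must be present.
foreach ($name in $archives) {
    if (-not (Test-Path -LiteralPath (Join-Path $DownloadDir $name))) {
        $problems += "Missing dependency archive: $name (looked in $DownloadDir)"
    }
}

# Step 3: the source tree must live in a path without spaces.
if ($SourceRoot -match '\s') { $problems += "Source path contains spaces: $SourceRoot" }

# Step 4: the build script and the vcvars batch file must exist.
$buildScript = Join-Path $SourceRoot 'iis\build_dependencies.bat'
if (-not (Test-Path -LiteralPath $buildScript)) { $problems += "Not found: $buildScript" }
if (-not (Test-Path -LiteralPath $VcVars))      { $problems += "vcvars batch file not found: $VcVars" }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}

Write-Host "Preflight OK. From $(Join-Path $SourceRoot 'iis') run:"
Write-Host "  build_dependencies.bat `"$VcVars`""
```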
