parsing modsecurity logfiles
ModSecurity, together with the OWASP core rules, is a powerful web application firewall (WAF). It protects your server against a wide range of HTTP attacks (SQL injection, cross-site scripting, etc.).
However, ModSecurity (like any WAF) sometimes produces false positives. To eliminate these, you need to tune your configuration and add rule exclusions (whitelisting).
Inspecting the logfiles can be a frustrating and time-consuming process. pamsel is a small tool that might help you a bit with this.
sample output:
last changes:
02.04.2022: new option -e (use default logfiles)
22.12.2021: colored output now only to console (escape sequences are unwanted if output is redirected or piped)
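
The log inspection described above, as an added Python example (not pamsel's own code or output): it groups ModSecurity alerts by rule id and URI and counts distinct clients, so rules that fire on one URI for many unrelated clients can be reviewed first as possible false positives. The log lines are constructed and assume the Apache 2.4 error-log layout written by ModSecurity 2.x; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (Apache 2.4 error-log layout, ModSecurity 2.x alert fields).
SAMPLE_LOG = r'''
[Wed Dec 22 10:15:32 2021] [:error] [pid 12] [client 192.0.2.10:51234] ModSecurity: Warning. detected SQLi using libinjection [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: s&1 found within ARGS:q: \"a\" and 1"] [uri "/search"]
[Wed Dec 22 10:16:01 2021] [:error] [pid 12] [client 192.0.2.11:40022] ModSecurity: Warning. detected SQLi using libinjection [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Wed Dec 22 10:17:45 2021] [:error] [pid 13] [client 198.51.100.7:39110] ModSecurity: Warning. detected SQLi using libinjection [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Wed Dec 22 10:18:02 2021] [core:error] [pid 13] [client 198.51.100.7:39112] AH00126: Invalid URI in request
[Wed Dec 22 10:20:10 2021] [:error] [pid 14] [client 203.0.113.5:50001] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/comment"]
[Wed Dec 22 10:20:11 2021] [:error] [pid 14] [client 203.0.113.5:50002] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/comment"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"], escaped quotes allowed
CLIENT = re.compile(r'\[client ([^\]\s]+):\d+\]')      # assumes [client addr:port]

def parse_line(line):
    """Return id, msg, uri and client of one ModSecurity alert line, or None."""
    if "ModSecurity:" not in line:
        return None                        # ordinary Apache error, not a WAF alert
    fields = dict(FIELD.findall(line))
    if "id" not in fields:
        return None                        # truncated line or message without a rule id
    client = CLIENT.search(line)
    return {"id": fields["id"], "msg": fields.get("msg", ""),
            "uri": fields.get("uri", "-"),
            "client": client.group(1) if client else "-"}

def summarize(lines):
    """Group alerts by (rule id, uri): hit count, distinct clients, message."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set(), "msg": ""})
    for line in lines:
        alert = parse_line(line)
        if alert is None:
            continue
        group = groups[(alert["id"], alert["uri"])]
        group["hits"] += 1
        group["clients"].add(alert["client"])
        group["msg"] = alert["msg"]
    return dict(groups)

def report(groups):
    """Rows sorted so rules hit by the most distinct clients come first."""
    rows = [(len(g["clients"]), g["hits"], rid, uri, g["msg"])
            for (rid, uri), g in groups.items()]
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for clients, hits, rid, uri, msg in report(summarize(SAMPLE_LOG.splitlines())):
        print(f"{rid}  {uri:<10} hits={hits} clients={clients}  {msg}")
```

A rule id and URI pair that tops this list is where a narrowly scoped rule exclusion is worth evaluating; a pair with many hits from a single client deserves a closer look at the requests before anything is whitelisted.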