GitHub - wbdv/modsecurity_parselog: Parse mod_security (modsec_audit.log) logs and insert into a database

modsecurity_parselog

A simple service that parse modsecurity logs (modsec_audit.log) and insert few details in a MySQL database

Requirements:

nginx with modsecurity 3.x

load_module modules/ngx_http_modsecurity_module.so;

log to /var/log/modsec_audit.log
/usr/share/GeoIP/GeoLite2-Country.mmdb (get it from https://dev.maxmind.com/geoip/geolite2-free-geolocation-data )
php with php-maxminddb (yum install php-maxminddb)

Tested on CentOS 7

Install

mkdir /usr/local/modsecurity-parselog/
cd /usr/local/modsecurity-parselog/
wget -O modsecurity-parselog.tgz https://github.com/wbdv/modsecurity_parselog/archive/refs/tags/v0.1-beta.tar.gz
tar xzf modsecurity-parselog.tgz
chmod +x modsec-parser.sh
cp setup/modsecurity-parselog.service /etc/systemd/system/modsecurity-parselog.service 
systemctl daemon-reload
mysql -e 'CREATE DATABASE modsec';
mysql -e 'GRANT ALL ON modsec.* TO modsec@localhost IDENTIFIED BY "[..]"';
mysql modsec < setup/modsec.sql 
vi defines.php

systemctl enable --now modsecurity-parselog.service

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
setup		setup
LICENSE		LICENSE
README.md		README.md
defines.php		defines.php
modsec-parser.php		modsec-parser.php
modsec-parser.sh		modsec-parser.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

modsecurity_parselog

About

Uh oh!

Releases

Packages

Languages

License

wbdv/modsecurity_parselog

Folders and files

Latest commit

History

Repository files navigation

modsecurity_parselog

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages