GUI editor to tame mod_security rules

⌈⌋ branch:  modseccfg


Log processors / filters

There's a small sample of log filter scripts/ in LogReport and → Preprocess.

There aren't many yet. Because this is slightly hamstrung by the virtually unparsable Apache log formats. In particular any "extended" log formats aren't extractable just with cut/awk and similar shell constructs, because the log field order is arbitrary and thus incompatible across different setups. (And no, the standard combined format itself isn't useful to scan for more interesting attributes. Nor is the mish-mash of delimiters and the mid-90s datetime format.)

Nonetheless, you can probably use some of the reports. In particular the netnea rulereport scripts. They basically craft similar exception rules, as modseccfg recipes, but show them all at once - to cherrypick from.

You can keep the rule report window open alongside the main window. Making it slightly more useful than the log tab even.

Report and preprocess scripts are just bundled with modseccfg for convenience. And you can easily copy them out from the scripts/ directory, if you want to keep using them independently. (If anyone wants an installer .deb bundle, please drop a mail.)

Add your own

Use locate modseccfg/scripts to find the scripts/ directory. But do not save your own scripts there, but just symlink them in. (Else they will get deleted with any update.)

Each script (even if just a slim shell wrapper), requires a little description block atop, at least:

# type: report
# category: mytools
# title: search for common issue...

grep "error" $1  # or whatever

You can parameterize the scripts likewise, or have a # type: image report even. See the scripts/ documentation block for details.
Filters are probably the easiest to craft.