Fix logging for Apache 2.4 (again) by erkia · Pull Request #2781 · owasp-modsecurity/ModSecurity (original) (raw)

Thanks for the contribution @erkia .

I expect this would resolve #1135

The only thing I wonder about is whether the name 'security2' is ideal for this purpose. I.e. an apache error.log log line would look like:

... [security2:error] [pid ...

With a quick perusal, I wasn't able to identify any standard that is commonly adhered to.

I.e. Is the official name of the mod after the 'mod_' the common thing to do? Or would 'mod_security2' be more expected? Or perhaps something less based on the official mod name but more like how the engine is normally termed (like 'ModSecurity' -- as was floated as a possibility in #1135 )

Opinions and comments are welcome from the community at large. I'll leave this unmerged for at least a few more days for that purpose.

(One could argue the precise text isn't that critical, as long as we get something meaningful in there.)