I want to print mod_security anomaly score to apache error log.
I use setenv
to set enviroment variable, and %{name}e
syntax to print it in log.
Modsecurity config:
SecAction "id:90100,phase:5,pass, nolog, setenv:ModSecAnomalyScoreIn=%{tx.anomaly_score}, setenv:ModSecAnomalyScoreOut=%{TX.outbound_anomaly_score}"
Apache config:
ErrorLogFormat "[...] [anomaly_score_in: %-{ModSecAnomalyScoreIn}e, anomaly_score_out: %-{ModSecAnomalyScoreOut}e ]"
But the output is empty:
[...] [anomaly_score_in: -, anomaly_score_out: - ]
If I add SecAction "id:9990101,phase:5,pass, log, msg:'in: %{env.anomaly_score}, out: %{env.ModSecAnomalyScoreOut}'
, scores are printed, but in new log line.
Where did I go wrong?
Does the %{name}e
in ErrorLogFormat is equal to %{VARNAME}e
in mod_log_config?