Rollback change of ModSecurity setting SecAuditLog

2019-09-24 14:44:48 -03:00 · 2019-09-24 14:44:48 -03:00 · ea5add6f5c
commit ea5add6f5c
parent 1dc4d184a0
2 changed files with 5 additions and 4 deletions
--- a/docs/user-guide/third-party-addons/modsecurity.md
+++ b/docs/user-guide/third-party-addons/modsecurity.md
@ -8,8 +8,8 @@ The default ModSecurity configuration file is located in `/etc/nginx/modsecurity
 To enable the ModSecurity feature we need to specify `enable-modsecurity: "true"` in the configuration configmap.

 >__Note:__ the default configuration use detection only, because that minimizes the chances of post-installation disruption.
-The file `/var/log/modsec_audit.log` contains the log of ModSecurity.
-
+Due to the value of the setting [SecAuditLogType=Concurrent](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secauditlogtype) the ModSecurity log is stored in multiple files inside the directory `/var/log/audit`.
+The default `Serial` value in SecAuditLogType can impact performance.

 The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
 The directory `/etc/nginx/owasp-modsecurity-crs` contains the [owasp-modsecurity-crs repository](https://github.com/SpiderLabs/owasp-modsecurity-crs).