Summary
In this chapter, we looked at how audit logging works in ModSecurity. We learned how to configure audit logging in ModSecurity and about the difference between serial and concurrent logging. We learned that audit log sanitization actions can be applied to prevent certain information from showing up in the audit logs, and we learned how to disable logging for specific rules or HTTP requests.
The last half of the chapter was devoted to the ModSecurity Console, which is an excellent tool to collate and view log data. We learned how to use the console as well as how to send log data to the console using mlogc.
In the next chapter we will be looking at virtual patching—a technique to block newfound vulnerabilities without having to rely on the vendor to supply a software update.