Determining what to log
The SecAuditLogParts
directive controls which information is included in each audit log entry. The directive takes a string of characters as an argument and each character represents one part of the log data.
These are the characters available together with an explanation of which part of the transaction they represent:
Character |
Description |
---|---|
A |
Audit log header Boundary that signifies the start of the audit log entry. Contains the time and date stamp of the log entry as well as the client and server IP address. Also contains the unique ID for the log entry, which makes it easy to find the request in the Apache log files. This option is mandatory and will be implicitly included if you don't specify it. |
B |
Request headers Contains all of the headers in the request, as sent by the client. |
C |
Request body Contains the request body. Only available if request body access is enabled in ModSecurity. |
E |
Response body Contains the response body of the... |