@@ -34,18 +34,18 @@ Further note for Centos/Red Hat/Fedora Systems
3434
3535If logstash has been installed from the logstash repository (http://www.logstash.net/docs/1.4.2/repositories ), follow these steps:
3636
37- 1 . Set the path in logstash-modsecurity.conf to path => "/var/log/httpd/modsec_audit.log"
38- 2 . Copy logstash-modsecurity.conf to /etc/logstash/conf.d
39- 3 . Copy logstash_modsecurity_patterns to /opt/logstash/patterns/
40- 4 . Give read access to the logstash user on /var/log/httpd/modsec_audit.log
37+ 1 . Set the path in logstash-modsecurity.conf to path => "/var/log/httpd/modsec_audit.log"
38+ 2 . Copy logstash-modsecurity.conf to /etc/logstash/conf.d
39+ 3 . Copy logstash_modsecurity_patterns to /opt/logstash/patterns/
40+ 4 . Give read access to the logstash user on /var/log/httpd/modsec_audit.log
4141
42- `setfacl -m u:logstash: r /var/log/httpd/modsec_audit.log
42+ `setfacl -m u:logstash: r /var/log/httpd/modsec_audit.log
4343
44- 5 . Restart the logstash agent
44+ 5 . Restart the logstash agent
4545
46- `systemctl restart logstash
46+ `systemctl restart logstash
4747
48- 6 . Confirm mod_security messages are logged to standard output
48+ 6 . Confirm mod_security messages are logged to standard output
4949
50- `tail -f /var/log/logstash/logstash.stdout
50+ `tail -f /var/log/logstash/logstash.stdout
5151
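Review bot: The command lines at 42, 46 and 50 each open with a backtick that is never closed, and the removed and added lines differ only in whitespace, so this change leaves that unfixed. Close each one, for example `systemctl restart logstash`. In step 4 the ACL entry reads "u:logstash: r" with a space before the permission; setfacl expects "u:logstash:r" as a single argument. Step 4 also grants read on the file alone: the logstash user additionally needs search permission on /var/log/httpd to reach it, and an ACL set on the file itself will not carry over to a replacement file created at log rotation. Consider documenting a directory ACL (with a default entry) or group-based access instead, scoped to read-only, since modsec_audit.log can hold full request data.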