Tuesday, February 5, 2013

ModSecurity Log Auditing System in PHP (MSLA Project)


Light MSLA ("Light Mod Security Log Auditing") is a tool that I wrote in PHP. It imports the ModSecurity log into a MySQL database and then draws charts from the log data using Google's APIs.
This project was part of the Mod_Security project that I did before.
The heart of this script is "patterns.php", which contains a few regular expressions that find the parts we need inside the log file and extract them.

You can download the project from this link: DOWNLOAD (inside Google Drive, press Ctrl+S to download)


SETUP:

  • Copy all the files inside the zip package into your server path.
  • Create a database and import the "modsec_db.sql" file into your database.
  • Open config.php in a text editor and change the database name, username, password, host and the Mod_Security log path.
  • Run Parser.php from your browser (it might take some time, depending on how big your log file is).
  • After parser.php has fully loaded and the page shows Done, open index.php.
  • Enter the following username and password to get into the dashboard.
    username:root25.com
    password:ssap25
  • Drawing the graphs takes some time.

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
IMPORTANT: This script needs internet access to draw the charts, because I use Google's APIs for the charts.
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
As I mentioned before, this was a student project, so you can change any part based on your own needs.
The hardest part and the heart of this script are the patterns inside "patterns.php", which
find and extract specific parts from the log.
"useragent.php" extracts the OS and browser details from the user-agent information in the log.
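
As an added illustration of the kind of extraction described above (not the project's own patterns.php; the sample log, function names and field names are constructed for this example), this PHP splits a ModSecurity serial audit log on its `--<id>-<letter>--` section boundaries and pulls out the fields a dashboard would store:

```php
<?php
// Constructed sample in ModSecurity 2.x serial audit-log format (not real traffic).
$sample = <<<'LOG'
--a1b2c3d4-A--
[05/Feb/2013:10:12:33 +0000] UQ1constructedAAAAAAAAAA 203.0.113.7 51324 192.0.2.10 80
--a1b2c3d4-B--
GET /index.php?id=1%27 HTTP/1.1
Host: www.example.test
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

--a1b2c3d4-F--
HTTP/1.1 403 Forbidden

--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "1001"] [msg "Constructed test rule"] [severity "CRITICAL"]

--a1b2c3d4-Z--
LOG;
// Split the log into transactions: boundary id => [section letter => text].
function split_transactions(string $log): array {
    $txs = []; $id = null; $part = null;
    foreach (preg_split('/\R/', $log) as $line) {
        if (preg_match('/^--([0-9A-Za-z]+)-([A-Z])--$/', $line, $m)) {
            [$id, $part] = [$m[1], $m[2]];
            if ($part !== 'Z') { $txs[$id][$part] = ''; }   // Z only closes the entry
        } elseif ($id !== null && $part !== 'Z') {
            $txs[$id][$part] .= $line . "\n";
        }
    }
    return $txs;
}

// Extract the fields a dashboard would store; fields from missing sections stay null.
function extract_fields(array $tx): array {
    $row = ['time' => null, 'src_ip' => null, 'request' => null,
            'user_agent' => null, 'status' => null, 'rule_ids' => []];
    if (preg_match('/^\[([^\]]+)\] \S+ (\S+) \d+ \S+ \d+/', $tx['A'] ?? '', $m)) {
        [$row['time'], $row['src_ip']] = [$m[1], $m[2]];
    }
    if (preg_match('/^(\S+ \S+ HTTP\/[\d.]+)/', $tx['B'] ?? '', $m)) { $row['request'] = $m[1]; }
    if (preg_match('/^User-Agent:\s*(.*)$/mi', $tx['B'] ?? '', $m)) { $row['user_agent'] = trim($m[1]); }
    if (preg_match('/^HTTP\/[\d.]+ (\d{3})/', $tx['F'] ?? '', $m)) { $row['status'] = (int) $m[1]; }
    if (preg_match_all('/\[id "(\d+)"\]/', $tx['H'] ?? '', $m)) { $row['rule_ids'] = $m[1]; }
    return $row;
}
foreach (split_transactions($sample) as $id => $tx) {
    // Log fields are attacker-controlled: bind them as query parameters, HTML-escape on display.
    echo $id, ' ', json_encode(extract_fields($tx)), PHP_EOL;
}
```

If a log yields zero transactions here, it is not in the serial layout these expressions expect (ModSecurity can also write concurrent-type audit logs, one file per transaction).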

This video also shows how to install the project, with an example of it in use.
http://youtu.be/bzWIi1W3rkY

This is the post about "How to install Mod Security on Apache Step by Step for Beginners"
This is the post about "How to implement Reverse Proxy & Mod Security"

9 comments:

  1. Hi Amir,

    I tried to use your Log Auditing System.
    I've followed the instructions.
    But it seems like nothing is being extracted to the database.

    Any guide? Thanks.

    Replies
    1. Hello Zerozam,

      I didn't understand exactly where your problem is.
      1. Did you successfully make the database in the MySQL server?
      2. Did you make the changes in config.php for dbname/user/pass ... ?

      If you already successfully did the above steps, you just need to copy the log file to the directory of "Log Auditing System" and change the path and the name of the log inside "config.php".

      Then run the Parser; it needs some time...
      __________________________________________
      If it's not working, please tell me at which stage you face a problem or what kind of error you received.

  2. Hi Amir,

    1. Yes. I have successfully made the database & uploaded the .sql file to the database.
    2. Yes. I have changed the password to make it connect to the database.

    But still nothing is being inserted into the db after I run parser.php.
    Also, parser.php loads fast, so I think nothing runs in the background.

    So basically I am stuck at the stage of loading parser.php.

    Btw, is the file permission also related to this problem?
    I've chmod to 755. Also to 777, but that is not working either.

    Replies
    1. Ok.
      Again I have to remind you about setting the path of the log file. You have to copy the log file from the Mod Security DIR to the LOG AUDITING SCRIPT directory and set the file name in config.php (something like the line below):
      $file = 'modsec_audit.log'; //Mod_Security Log file path

      If the problem still exists, maybe something is wrong with your PHP configuration, because in some cases you need to change some limits in the PHP config (such as max upload amount or memory amount & ...).
      So:
      1. Please open parser.php in Notepad or any other simple text editor.
      2. In the second line you will see >>> error_reporting("Off");
      3. Change it to On >>> error_reporting("On");
      Then try to import the log. If any error appears, please copy the error here.

      About the CHMOD, you just need the permission to read.

    2. I've followed everything accordingly.
      But I still get nothing. Just a blank page, even with error_reporting On.

      Any ideas?

    3. Maybe the structure of your log is different (based on the version of modsec). Inside the zip file that you uploaded from here you can see a sample log file, "modsec_audit.log"; try with that.
      And I'd like to know how big your log file is.
