4
Aldar
3y

Okay, yes, ModSecurity WAF is amazing and all, but... When one tries to implement its rules atop an existing app that wasn't developed in accordance with the rules... That hurts.

How tf am I supposed to parse and present a 6.5GB / 22M line audit log to the client?! Just parsing that monstrosity once takes *minutes*, let alone doing any sort of sorting / analysis!

I feel sick. This is exactly why I am a sysadmin and not a programmer, I don't like writing analysis stuff, or programs more complex than a few hundred lines of bash... :|

Comments
  • 0
    22 Mbyte LINE. WTF?!
    How big is the file compressed? And can you split it (I have no idea about ModSecurity) into chunks that have a general context?
  • 2
    @stop million.

    One does not simply audit ModSecurity, you just set it up and disable shitty rules you can't programmatically get around.
  • 1
    @stop he never said byte. He used the SI unit for million. So 22 million lines; that is a lot.

    So OP, I hope you can ask a software engineer, ideally one with DevOps experience. You are correct, this is not necessarily your job.
  • 0
    Just start reading it and only stop when they leave the meeting
  • 0
    @electrineer I wish. Luckily, however, we don't get physical meetings with this particular customer, and only do meetings at all when dealing with a particularly nasty issue, or during migration planning and such.

    @JeffGregg Hmm... That might be just it. I'll see if I could stuff an ELK stack somewhere on the existing HW. Thanks!