AuditConsole

A web-console for managing ModSecurity events

The AuditConsole is a J2EE web-application which runs within a servlet container and is able to receive audit-event data from the ModSecurity module.

Its primary purpose is to centralize events and index them in a database, so that they can be handled and filtered more easily based on user requests. The application is based on an embedded database, but external databases (MySQL, PostgreSQL) can be used as well.

Besides storage, it includes an extensible rule processor that lets users specify rules to be evaluated for incoming events, provides a multi-user approach in which users can be restricted to viewing certain events, and allows events to be tagged by users.

Features

The current version of the AuditConsole provides a basic set of features:

  • Receiving Events

    The console can receive events from mlogc or by simple file-uploads of ModSecurity 2.x audit-log files in serial format.

  • Event Storage

    The events are stored in an embedded SQL database. The use of external databases such as MySQL or PostgreSQL is possible as well.

  • User Views

    Users are associated with a view, which determines the set of events accessible to that user. This allows for multi-user use where each user is only allowed to see specific events.

  • Event Tagging

    Events can be tagged by users to mark them as interesting, false-positive or the like. Events can be filtered by tags.

  • Event Rules

    Users may define rules that are evaluated on incoming events and create notifications, delete events or execute scripts (planned).

For a detailed description of the complete feature set, see the Features page.

Terms of Usage

Based on a set of stable and mature public enterprise components such as Struts, Hibernate and others, the AuditConsole is intended as a community product.

For details, please refer to the Terms of Use page.