A web-console for managing ModSecurity events
The AuditConsole is a J2EE web-application which runs within a servlet container and is able to receive audit-event data from the ModSecurity module.
Its primary purpose is to centralize events and index them in a database so that they are easier to handle and can be filtered based on user requests. The application is based on an embedded database, but external databases (MySQL, PostgreSQL) can be used as well.
Besides storage, it includes an extendable rule processor that lets users specify rules to be evaluated for incoming events, provides a multi-user approach in which users can be restricted to viewing certain events, and allows events to be tagged by users.
The current version of the AuditConsole provides a basic set of features:
The console can receive events from mlogc or by simple file uploads of ModSecurity 2.x audit-log files in serial format.
The events are stored in an embedded SQL database. The use of external databases such as MySQL or PostgreSQL is possible as well.
Users are associated with a view, which determines the set of events accessible to that user. This allows for multi-user use where each user is only allowed to see specific events.
Events can be tagged by users to mark them as interesting, false-positive or the like. Events can be filtered by tags.
Users may define rules that are evaluated on incoming events and that create notifications, delete events or execute scripts (planned).
Terms of Usage
Based on a set of stable and mature public enterprise components such as Struts, Hibernate and others, the AuditConsole is intended as a community product.