Return ModSecurity logs

This function retrieves ModSecurity™ log entries from the modsec MySQL® database.

Important:

When you disable the Web Server role, the system disables this function.

Authorizations:

Responses

Response Schema: application/json
Array of objects

An array of objects that contains information about the log entry.

object

Request samples

whmapi1 --output=jsonpretty \
  modsec_get_log

Response samples

Content type
application/json
{
  • "data": [
    • {
      • "action_desc": "Access denied with code 406 (phase 1).",
      • "file_exists": 1,
      • "handler": null,
      • "host": "server.example.com",
      • "http_method": "GET",
      • "http_status": 406,
      • "http_version": "HTTP/1.1",
      • "id": 28,
      • "ip": "10.1.14.77",
      • "justification": "Match of \"within %{tx.allowed_methods}\" against \"REQUEST_METHOD\" required.",
      • "meta_file": "/usr/local/apache/conf/modsec_vendor_configs/OWASP/base_rules/modsecurity_crs_30_http_policy.conf",
      • "meta_id": 960032,
      • "meta_line": 31,
      • "meta_logdata": "GET",
      • "meta_msg": "Method is not allowed by policy",
      • "meta_offset": 0,
      • "meta_rev": 2,
      • "meta_severity": "CRITICAL",
      • "meta_uri": null,
      • "path": "/favicon.ico",
      • "reportable": 1,
      • "timestamp": "2019-10-13T07:58:04.000Z",
      • "timezone": -300
      }
    ],
  • "metadata": {
    • "command": "modsec_get_log",
    • "reason": "OK",
    • "result": 1,
    • "version": 1
    }
}