
Thread: ModSecurity Console not working




2007-03-28 08:21:43

I have upgraded my apache to 2.2.4 and at the same time upgraded to modsecurity 2.1.0 with the core rule set.

 

I have added the following configuration in modsecurity_crs_10_config.conf so I can log to a modsecurity console server. Everything (that I am aware of) is set up like I usually do when I add a new sensor for 1.9, but it isn’t working with 2.1.0. This is our first server to run modsecurity 2.1.0.

 

SecAuditLogStorageDir "/var/log/modsecure/data/"

SecAuditLog "|/usr/local/apache/bin/modsec-auditlog-collector.pl /var/log/modsecure/data/ /var/log/modsecure/index"

 

Am I missing something?

 

When I set a basic search like..  SecFilter REQUEST_URI attack

 

I get the following errors in my /var/log/modsecure/index file

 

> Failed to parse line: --450a2e03-A--

> Failed to parse line: [28/Mar/2007:08:48:52 --0400] D4ea7awegUwAAAkRBJgAAAAC 172.31.18.203 2992 172.30.129.76 80

> Failed to parse line: --450a2e03-B--

> Failed to parse line: GET /attack HTTP/1.1

> Failed to parse line: Host: ncdcweb11.ncdc.ncus

> Failed to parse line: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

> Failed to parse line: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

> Failed to parse line: Accept-Language: en-us,en;q=0.5

> Failed to parse line: Accept-Encoding: gzip,deflate

> Failed to parse line: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

> Failed to parse line: Keep-Alive: 300

> Failed to parse line: Connection: keep-alive

> Failed to parse line: Cookie: __utma=172831164.552980278.1166469779.1175026754.1175085885.4; __utmz=172831164.1166469779.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmc=172831164; PHPSESSID=2eeb27bc10057c9f534591752c72a097; __utmb=172831164

> Failed to parse line: Cache-Control: max-age=0

> Failed to parse line: --450a2e03-F--

> Failed to parse line: HTTP/1.1 404 Not Found

> Failed to parse line: Content-Length: 204

> Failed to parse line: Keep-Alive: timeout=5, max=100

> Failed to parse line: Connection: Keep-Alive

> Failed to parse line: Content-Type: text/html; charset=iso-8859-1

> Failed to parse line: --450a2e03-H--

> Failed to parse line: Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.

> Failed to parse line: Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.

> Failed to parse line: Message: Warning. Pattern match "attack" at REQUEST_URI.

> Failed to parse line: Apache-Error: [file "core.c"] [line 3631] [level 3] File does not exist: /home/httpd/attack

> Failed to parse line: Stopwatch: 1175086132861677 3700 (487 3524 -)

> Failed to parse line: Producer: ModSecurity v2.1.0 (Apache 2.x)

> Failed to parse line: Server: Apache/2.2.4 (Unix)

> Failed to parse line: --450a2e03-Z--

 

Then it also does not log into the /var/log/modsecure/data directory either and therefore does not log to the modsecurity console server I have. This all works with apache 2.2.3 and modsecurity 1.9 but now since the full blown upgrade it doesn't work…

 

Can I get some help with this?

 

Thanks
