ModSecurity-nginx support SecAuditLogFormat JSON ?

[truman-test]

ModSecurity-nginx support SecAuditLogFormat JSON ?

ModSecurity configure

./configure --with-yajl=../lloyd-yajl-66cb08c/build/yajl-2.1.0/

ModSecurity - v3.0.0+b58f713 for Linux

Mandatory dependencies

• libInjection ....v2.9.0-799-gb58f713
• SecLang tests ....b58f713

Optional dependencies

• GeoIP ....not found
• LibCURL ....not found
• YAJL ....found
  -lyajl, -DWITH_YAJL -I../lloyd-yajl-66cb08c/build/yajl-2.1.0//include
• LMDB ....not found
• LibXML2 ....found v2.9.1
  -lxml2 -lz -lm -ldl, -I/usr/include/libxml2 -DWITH_LIBXML2

Other Options

• Test Utilities ....enabled
• SecDebugLog ....enabled
• afl fuzzer ....disabled
• library examples ....enabled
• Building parser ....disabled

nginx.conf

modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf

modsecurity.conf

SecAuditLogFormat JSON

nginx start error

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/nginx/conf/modsecurity.conf. Line: 256. Column: 23. Invalid input: SecAuditLogFormat JSON in /usr/local/nginx/conf/nginx.conf:118

[zimmerle]

Hi @truman-test,

libModSecurity default output is JSON, you no longer need to use a configuration flag to select it.

[truman-test]

@zimmerle
thanks for your answer. but output isn't json format

I installed the following installation guide
https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes

What installation guide should I look for if Json is the default output format as you said?