Auditlog JSON in v2.9.1 — note: the `producer` field below reports "ModSecurity for Apache/2.9.0", the `error_messages` entries are unexpanded `%s` format strings rather than rendered log lines, and the `\xc0\xae` byte escapes in the rule 960024 `data` field are not valid JSON string escapes (RFC 8259 allows only `\"`, `\\`, `\/`, `\b`, `\f`, `\n`, `\r`, `\t` and `\uXXXX`), so a strict JSON parser will reject this document as emitted.
{
"transaction":{
"time":"13/Jan/2016:08:15:45 --0300",
"transaction_id":"VpYx4X8AAQEAAGXSB@EAAAAA",
"remote_address":"127.0.0.1",
"remote_port":37098,
"local_address":"127.0.0.1",
"local_port":80
},
"request":{
"request_line":"GET /iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp HTTP/1.1",
"headers":{
"Connection":"Keep-Alive",
"User-Agent":"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:003019)",
"Host":"localhost"
}
},
"response":{
"protocol":"HTTP/1.1",
"status":404,
"headers":{
"Content-Length":"308",
"Keep-Alive":"timeout=5, max=81",
"Connection":"Keep-Alive",
"Content-Type":"text/html; charset=iso-8859-1"
},
"body":""
},
"audit_data":{
"messages":[
"Warning. Match of \"within %{tx.allowed_methods}\" against \"REQUEST_METHOD\" required. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_30_http_policy.conf\"] [line \"31\"] [id \"960032\"] [rev \"2\"] [msg \"Method is not allowed by policy\"] [data \"GET\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"9\"] [tag \"OWASP_CRS/POLICY/METHOD_NOT_ALLOWED\"] [tag \"WASCTC/WASC-15\"] [tag \"OWASP_TOP_10/A6\"] [tag \"OWASP_AppSensor/RE1\"] [tag \"PCI/12.1\"]",
"Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_21_protocol_anomalies.conf\"] [line \"47\"] [id \"960015\"] [rev \"1\"] [msg \"Request Missing an Accept Header\"] [severity \"NOTICE\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"9\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]",
"Warning. Match of \"within %{tx.allowed_http_versions}\" against \"REQUEST_PROTOCOL\" required. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_30_http_policy.conf\"] [line \"78\"] [id \"960034\"] [rev \"2\"] [msg \"HTTP protocol version is not allowed by policy\"] [data \"HTTP/1.1\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"9\"] [tag \"OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A6\"] [tag \"PCI/6.5.10\"]",
"Warning. Matched phrase \"nikto\" at REQUEST_HEADERS:User-Agent. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_35_bad_robots.conf\"] [line \"20\"] [id \"990002\"] [rev \"2\"] [msg \"Request Indicates a Security Scanner Scanned the Site\"] [data \"mozilla/5.00 (nikto/2.1.5) (evasions:none) (test:003019)\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"9\"] [tag \"OWASP_CRS/AUTOMATION/SECURITY_SCANNER\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]",
"Warning. Pattern match \"(?i:(?:c(?:o(?:n(?:t(?:entsmartz|actbot/)|cealed defense|veracrawler)|mpatible(?: ;(?: msie|\\\\.)|-)|py(?:rightcheck|guard)|re-project/1.0)|h(?:ina(?: local browse 2\\\\.|claw)|e(?:rrypicker|esebot))|rescent internet toolpak)|w(?:e(?:b(?: (?:downloader|by ...\" at REQUEST_HEADERS:User-Agent. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_35_bad_robots.conf\"] [line \"27\"] [id \"990012\"] [rev \"2\"] [msg \"Rogue web site crawler\"] [data \"Nikto\"] [severity \"WARNING\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"9\"] [tag \"OWASP_CRS/AUTOMATION/MALICIOUS\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]",
"Warning. Pattern match \"\\\\W{4,}\" at ARGS:Source. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_40_generic_attacks.conf\"] [line \"37\"] [id \"960024\"] [rev \"2\"] [msg \"Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters\"] [data \"Matched Data: /\\xc0\\xae\\xc0\\xae/\\xc0\\xae\\xc0\\xae/ found within ARGS:Source: /IISSAMPLES/\\xc0\\xae\\xc0\\xae/\\xc0\\xae\\xc0\\xae/bogus_directory/nonexistent.asp\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"8\"]",
"Warning. Pattern match \"(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ...\" at REQUEST_URI. [file \"/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_42_tight_security.conf\"] [line \"20\"] [id \"950103\"] [rev \"2\"] [msg \"Path Traversal Attack\"] [data \"Matched Data: /%c0%ae%c0%ae/ found within REQUEST_URI: /iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/2.2.9\"] [maturity \"9\"] [accuracy \"7\"] [tag \"OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL\"]"
],
"error_messages":[
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s",
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s",
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s",
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s",
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s",
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s",
"[file \"apache2_util.c\"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri \"%s\"]%s"
],
"stopwatch":{
"p1":48636,
"p2":836,
"p3":6,
"p4":51,
"p5":48,
"sr":40,
"sw":0,
"l":0,
"gc":0
},
"response_body_dechunked":true,
"producer":"ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/)",
"server":"Apache/2.4.12 (Ubuntu)",
"engine_mode":"ENABLED"
}
}