Hi Salvo
It's correct that Splunk for ModSecurity has only been tested with flat files. I use this in a large enterprise environment and it works great.
I will check if it is possible to index events from ModSec mlogc in a future version of Splunk for ModSecurity.
Hi Dylan
Of course you can collect the log from your local machine. All you need to do is collect the modsec log somehow and then name the index and sourcetype corresponding to your modsec app macros.conf.
Cheers,
Martin