Tuning ModSecurity Console on Windows
For the users of ModSecurity, the free ModSecurity Console remains the best choice for the handling and storage of audit log alerts. There's one problem with it, though—the 64 MB of RAM it allocates is too small for a real deployment. The good news is that the memory usage can be tuned, along with a few other things. Ryan wrote about the console tuning before, here and here.
Ryan's advice will help you on a Unix platform, because the shell script that starts the console can be edited, but it doesn't work on Windows because there's no file to edit. On Windows, the console is started through an executable file. It took me some time to find a solution, after someone asked me for advice today.
ModSecurity Console is packaged using install4j, which is a fantastic packaging platform for Java applications. In order to tune the JVM parameters of Windows applications that run as services, simply create a text file that uses the same name as the executable, replacing the .exe extension with .vmoptions. In the case of ModSecurity Console you need to create modsecurity-console.vmoptions alongside modsecurity-console.exe. In the file, just put one JVM option on each line. For example:
-Xms512m
-Xmx1024m
The above configuration will allocate 512 MB to the console at startup, with the option to use up to 1024 MB in total.
Comments