We are seeing modsecurity messages in the audit_log file but not in the web gui. The web gui is showing 0 events and 0 attacks.
So if recent events (after you fixed mysql) and not showing in the GUI, then there is still something wrong with ASL talking to mysql, or the ASL database is corrupt. Can you please look at your /var/log/ossec/ossec.log file and tell us if you see any errors? Also, do you see any errors about a corrupt database in your mysql logs?
We tried to manually update this in the web interface but had to manually do it in the php.ini file. When changing settings like that via the web interface do we need to restart apache? It seemed like it wasn't working.
With the first issue above and this one its really starting to sound like you may have a broken or incomplete install. Did you have any errors on install or upgrade? And what process did you use for either?
Can you run the manual upgrade process for me, and send us the output:https://www.atomicorp.com/wiki/index.ph ... al_Upgrade
I will try to get more information on the page that is getting a Forbidden error. The php code looks fine so I am trying to capture the actual data to see if there is something in there that is being flagged.
modsecurity will record the whole payload. If you follow the process here:https://www.atomicorp.com/wiki/index.ph ... _.28ASL.29
You can also report the false positive from the command line. Its pretty easy to do and will save you from having to sort it out yourself.