Skip to content

Event message with description "Invalid function" in the Windows Application Event Log #3408

New issue
New issue
Open
Open
Event message with description "Invalid function" in the Windows Application Event Log#3408
Labels
2.xRelated to ModSecurity version 2.x
@skvoboo-gh

Description

@skvoboo-gh
skvoboo-gh
opened on Jun 23, 2025

Describe the bug

Confused ModSecurity event message in the Windows Application Event Log.

To Reproduce

  1. Install ModSecurityIIS_2.9.7-64b-64.msi
  2. Configure ModSecurity for the website
  3. Open website in a browser
  4. Check events in the Windows Application Event Log

Actual result

Event message in the Windows Application Event Log:

Log Name: Application Source: ModSecurity Date: 6/23/2025 5:54:11 AM Event ID: 1 Task Category: None Level: Information Keywords: Classic User: N/A Computer: EC2AMAZ-UJ76N58 Description: Incorrect function. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="ModSecurity" /> <EventID Qualifiers="0">1</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2025-06-23T05:54:11.1744601Z" /> <EventRecordID>42355</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>EC2AMAZ-UJ76N58</Computer> <Security /> </System> <EventData> <Data>ModSecurity for IIS (STABLE)/2.9.7 (http://www.modsecurity.org/) configured.</Data> </EventData> </Event>

Expected behavior

Event message in the Windows Application Event Log:

Log Name: Application Source: ModSecurity Date: 6/23/2025 5:54:11 AM Event ID: 1 Task Category: None Level: Information Keywords: Classic User: N/A Computer: EC2AMAZ-UJ76N58 Description: ModSecurity for IIS (STABLE)/2.9.7 (http://www.modsecurity.org/) configured. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="ModSecurity" /> <EventID Qualifiers="0">1</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2025-06-23T05:54:11.1744601Z" /> <EventRecordID>42355</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>EC2AMAZ-UJ76N58</Computer> <Security /> </System> <EventData> <Data>ModSecurity for IIS (STABLE)/2.9.7 (http://www.modsecurity.org/) configured.</Data> </EventData> </Event>

Server (please complete the following information):

  • ModSecurity version (and connector): 2.9.7 MSI installer
  • WebServer: IIS
  • OS (and distro): Windows

Metadata

Metadata

Assignees

No one assigned

    Labels

    2.xRelated to ModSecurity version 2.x

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions