Add extended access.log #1457

Merged
merged 3 commits into from Jun 24, 2019

@franbuehler
Collaborator

commented Jun 20, 2019

@franbuehler franbuehler requested review from dune73 and csanders-git Jun 20, 2019

@dune73

Collaborator

commented Jun 21, 2019

The ModSec rules to fill all the necessary variables are there. But you use the former version of the extended logformat (extended-2015). We've updated it in 2019 to include the client source port, the content-type of the request body (if any) and the anomaly scores per paranoia level.
Otherwise, it all looks good.

@franbuehler

Collaborator Author

commented Jun 21, 2019

A log entry now looks like this (here in the crs container):

127.0.0.1 - - [2019-06-21 06:32:24.115978] "GET / HTTP/1.1" 502 379 "-" "curl/7.54.0" "-" 59418 localhost 127.0.0.1 80 proxy-server - + "-" XQx5@IL9xkJ8f23FXNJpZAAAAcU - - 18638 582 -% 60016705 66317 59947938 455 0-0-0-0 0-0-0-0 0 0
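
Added example (not part of this PR or of any participant's comment): a small Python parser for an entry like the one above, pulling out the client source port, request content-type and per-paranoia-level anomaly scores mentioned in the review. The field names and their order, the threshold of 5 and the second sample line are assumptions made for this example.

```python
import re

# Assumption: field names/order are this example's reading of the 2019 extended
# LogFormat, matched against the sample entry. Adjust to your own LogFormat.
FIELDS = (
    "remote_addr country user time request status bytes referer user_agent "
    "content_type remote_port vhost local_addr local_port handler "
    "balancer_route conn_status cookie unique_id ssl_protocol ssl_cipher "
    "bytes_in bytes_out ratio duration_us modsec_time_in app_time "
    "modsec_time_out score_in_pls score_out_pls score_in score_out"
).split()

# A token is a [bracketed timestamp], a "quoted string" (embedded quotes are
# logged as \"), or a run of non-space characters.
TOKEN = re.compile(r'\[([^\]]*)\]|"((?:[^"\\]|\\.)*)"|(\S+)')

# Entry quoted in the comment above.
PAGE_LINE = '127.0.0.1 - - [2019-06-21 06:32:24.115978] "GET / HTTP/1.1" 502 379 "-" "curl/7.54.0" "-" 59418 localhost 127.0.0.1 80 proxy-server - + "-" XQx5@IL9xkJ8f23FXNJpZAAAAcU - - 18638 582 -% 60016705 66317 59947938 455 0-0-0-0 0-0-0-0 0 0'
# Constructed entry (not from the page): a request scoring 5 at PL1 and 3 at PL2.
CONSTRUCTED_LINE = '192.0.2.10 - - [2019-06-21 06:40:01.000001] "GET /?q=test HTTP/1.1" 403 199 "-" "curl/7.54.0" "-" 40112 localhost 127.0.0.1 80 - - + "-" CONSTRUCTED-ID-0001 - - 120 430 -% 2100 1500 0 300 5-3-0-0 0-0-0-0 8 0'


def parse_extended(line):
    """Return a dict of named fields, or None if the line has the wrong shape."""
    tokens = [next(g for g in m.groups() if g is not None)
              for m in TOKEN.finditer(line)]
    if len(tokens) != len(FIELDS):
        return None  # different LogFormat or truncated line: do not guess
    return dict(zip(FIELDS, tokens))


def scores_per_pl(value):
    """Split '5-3-0-0' into {1: 5, 2: 3, 3: 0, 4: 0}; anything else gives {}."""
    if not re.fullmatch(r"\d+(-\d+){3}", value):
        return {}
    return {pl: int(n) for pl, n in enumerate(value.split("-"), start=1)}


def over_threshold(lines, threshold=5):
    """List (unique_id, incoming score, per-PL scores) for requests >= threshold."""
    hits = []
    for line in lines:
        entry = parse_extended(line)
        if entry is None or not entry["score_in"].isdigit():
            continue  # malformed line, or score logged as '-' (variable unset)
        if int(entry["score_in"]) >= threshold:
            hits.append((entry["unique_id"], int(entry["score_in"]),
                         scores_per_pl(entry["score_in_pls"])))
    return hits
```

The unique ID returned for each hit is the value to search for in the ModSecurity audit and error logs to find the rules that produced the score.
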
@dune73

Collaborator

commented Jun 21, 2019

Looks very good now. Thanks.

Suggestion to update the comment:

IS:  # For more information regarding the extended log format and the timestamp variables, please read:
BETTER: # For more information regarding the values in the extended log format and aliases and scripts to extract information please read:

Probably needs a line break.

@dune73
Collaborator

left a comment

+1

@csanders-git csanders-git merged commit 101e6dd into SpiderLabs:v3.2/dev Jun 24, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed