Option to disable logging of log producer in audit log when log level…

… < 9. [Issue owasp-modsecurity#1069 - Marc Stern]
marcstern · Apr 27, 2017 · f586924 · f586924
1 parent 2c07a17
commit f586924
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 1 deletion.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,9 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
+ * {dis|en}able-dechunk-logging: Option to disable logging of
+   dechunking in audit log when log level < 9.
+   [Issue #1068 - Marc Stern]
  * {dis|en}able-handler-logging: Option to disable logging of Apache handler
    in audit log
    [Issue #1070, #1381 - Marc Stern]

diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
@@ -1174,6 +1174,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
             yajl_kv_bool(g, "response_body_dechunked", 1);
         }
 
+#ifdef LOG_NO_PRODUCER
+        if (msr->txcfg->debuglog_level >= 9) {
+#endif
         sec_auditlog_write_producer_header_json(msr, g);
 
         /* Server */
@@ -1323,6 +1326,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
         }
     }
 
+#ifdef LOG_NO_PRODUCER
+        }
+#endif
     yajl_gen_map_close(g); // audit_data top-level key is finished
 
     /* AUDITLOG_PART_UPLOADS */

diff --git a/configure.ac b/configure.ac
@@ -487,6 +487,21 @@ AC_ARG_ENABLE(handler-logging,
   log_handler=''
 ])
 
+# Disable logging of log producer
+AC_ARG_ENABLE(log-producer-logging,
+              AS_HELP_STRING([--enable-log-producer-logging],
+                             [Enable logging of log producer in audit log when log level < 9. This is the default]),
+[
+  if test "$enableval" != "no"; then
+    log_producer=
+  else
+    log_producer="-DLOG_NO_PRODUCER"
+  fi
+],
+[
+  log_producer=''
+])
+
 # Ignore configure errors
 AC_ARG_ENABLE(errors,
               AS_HELP_STRING([--disable-errors],
@@ -737,7 +752,7 @@ else
   fi
 fi
 
-MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem"
+MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_producer"
 
 APXS_WRAPPER=build/apxs-wrapper
 APXS_EXTRA_CFLAGS=""