Conditional compile flags for logging entries in audit log

Added rule id & msg in "Rule processing failed" log entry
owasp-modsecurity · Jun 30, 2014 · 9e68805 · 9e68805
1 parent cdf09fc
commit 9e68805
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 1 deletion.
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
@@ -1507,6 +1507,8 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg,
         return apr_psprintf(cmd->pool, "ModSecurity: SecDefaultAction must not "
             "contain any metadata actions (id, rev, msg, tag, severity, ver, accuracy, maturity, logdata).");
     }
+
+#ifndef LOG_NO_DEFAULT_DEPRECATED
     /* These are just a warning for now. */
     if ((dcfg->tmp_default_actionset->severity != NOT_SET)
         ||(dcfg->tmp_default_actionset->logdata != NOT_SET_P))
@@ -1525,6 +1527,7 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg,
             "SecDefaultAction is deprecated (%s:%d).",
             cmd->directive->filename, cmd->directive->line_num);
     }
+#endif
 
     /* Must not use chain. */
     if (dcfg->tmp_default_actionset->is_chained != NOT_SET) {

diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
@@ -339,6 +339,7 @@ char *format_error_log_message(apr_pool_t *mp, error_message_t *em) {
 
     if (em == NULL) return NULL;
 
+#ifndef LOG_NO_FILENAME
     if (em->file != NULL) {
         s_file = apr_psprintf(mp, "[file \"%s\"] ",
             log_escape(mp, (char *)em->file));
@@ -349,6 +350,7 @@ char *format_error_log_message(apr_pool_t *mp, error_message_t *em) {
         s_line = apr_psprintf(mp, "[line %d] ", em->line);
         if (s_line == NULL) return NULL;
     }
+#endif
 
     s_level = apr_psprintf(mp, "[level %d] ", em->level);
     if (s_level == NULL) return NULL;

diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
@@ -956,12 +956,15 @@ void sec_audit_logger(modsec_rec *msr) {
             sec_auditlog_write(msr, text, strlen(text));
         }
 
+#ifndef LOG_NO_HANDLER
         /* Apache-Handler */
         if (msr->r->handler != NULL) {
             text = apr_psprintf(msr->mp, "Apache-Handler: %s\n", msr->r->handler);
             sec_auditlog_write(msr, text, strlen(text));
         }
+#endif
 
+#ifndef LOG_NO_STOPWATCH
         /* Stopwatch; left in for compatibility reasons */
         text = apr_psprintf(msr->mp, "Stopwatch: %" APR_TIME_T_FMT " %" APR_TIME_T_FMT " (- - -)\n",
             msr->request_time, (now - msr->request_time));
@@ -976,22 +979,29 @@ void sec_audit_logger(modsec_rec *msr) {
 
             sec_auditlog_write(msr, text, strlen(text));
         }
+#endif
 
+#ifndef LOG_NO_DECHUNK
         /* Our response body does not contain chunks */
         /* ENH Only write this when the output was chunked. */
         /* ENH Add info when request body was decompressed, dechunked too. */
         if (wrote_response_body) {
             text = apr_psprintf(msr->mp, "Response-Body-Transformed: Dechunked\n");
             sec_auditlog_write(msr, text, strlen(text));
         }
+#endif
 
+#ifndef LOG_NO_PRODUCERS
         sec_auditlog_write_producer_header(msr);
+#endif
 
+#ifndef LOG_NO_SERVER
         /* Server */
         if (msr->server_software != NULL) {
             text = apr_psprintf(msr->mp, "Server: %s\n", msr->server_software);
             sec_auditlog_write(msr, text, strlen(text));
         }
+#endif
 
         /* Sanitised arguments */
         {

diff --git a/apache2/re.c b/apache2/re.c
@@ -1920,7 +1920,7 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
             }
         }
         else {
-            msr_log(msr, 1, "Rule processing failed with unknown return code: %d.", rc);
+            msr_log(msr, 1, "Rule processing failed (id=%s, msg=%s).", rule->actionset->id, rule->actionset->msg);
             apr_table_clear(msr->matched_vars);
             return -1;
         }
@@ -2194,10 +2194,12 @@ char *msre_format_metadata(modsec_rec *msr, msre_actionset *actionset) {
 
     if (actionset == NULL) return "";
 
+#ifndef LOG_NO_FILENAME
     if ((actionset->rule != NULL) && (actionset->rule->filename != NULL)) {
         fn = apr_psprintf(msr->mp, " [file \"%s\"] [line \"%d\"]",
                 actionset->rule->filename, actionset->rule->line_num);
     }
+#endif
     if (actionset->id != NULL) {
         id = apr_psprintf(msr->mp, " [id \"%s\"]",
                 log_escape(msr->mp, actionset->id));