Skip to content

Add interface in libModSecurity for reopening log files #1968

@victorhora

Description

@victorhora
Contributor

This is related with feature request owasp-modsecurity/ModSecurity-nginx#121

Modsecurity should reopen audit log on these two signals for proper logrotate operation.

As noted at owasp-modsecurity/ModSecurity-nginx#121 (comment), we could leverage a similar approach as described at https://forum.nginx.org/read.php?29,247488,247500#msg-247500 (i.e. use standard nginx API to open some stub-file with ngx_conf_open_file(), add required handler, and use it for detecting USR1 and HUP signals from master process)

But it seems like libModSecurity currently does not have a nice interface to initiate audit/debug log files reopening by connector's request.

There's a PoC on how we could accomplish that on the connector at owasp-modsecurity/ModSecurity-nginx#121 (comment) as a starting point.

Activity

added this to the v3.0.4 milestone on Nov 28, 2018
linked a pull request that will close this issue on May 1, 2020
remort

remort commented on Oct 4, 2022

@remort

Any news up on that?

baptiste-fourmont

baptiste-fourmont commented on Dec 3, 2024

@baptiste-fourmont

Any news?

airween

airween commented on Dec 3, 2024

@airween
Member

Hi @baptiste-fourmont,

Any news?

Unfortunately not. If you have any idea how can we solve this, feel free to open a PR. But I try to keep this on the table...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Type

No type

Projects

No projects

Relationships

None yet

    Development

    Participants

    @airween@zimmerle@remort@victorhora@baptiste-fourmont

    Issue actions

      Add interface in libModSecurity for reopening log files · Issue #1968 · owasp-modsecurity/ModSecurity